Hewlett Packard Enterprise Product Security Vulnerability Alerts

Ripple20 Vulnerability - Multiple Vulnerabilities Affecting the Treck TCP/IP Stack (Multiple CVEs)

Version 14.0 :  Last Updated: November 09, 2020

This website is updated frequently, as new product information becomes available.

On June 16, 2020 JSOF disclosed the Ripple20 vulnerabilities in the Treck TCP/IP stack . HPE is evaluating each vulnerability for applicability to products, and will advise on them as part of the remediation communication.

The CVEs being evaluated by HPE are CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914.

Intel also published the following 4 CVEs related to Ripple20: CVE-2020-0594, CVE-2020-059, CVE-2020-0595, CVE-2020-8674.

HPE continues to investigate this issue and product impact assessment will be updated as more information becomes available.

Disclaimer: One or more of the links above will take you outside the HPE website. HPE is not responsible for content outside of its domain.

Usage Instructions and Definitions for CVE Vulnerability Information

Data

Definition

Product Category

High-level product description.

Product Sub-Category

Medium-level product description.

Product Name

Detailed product description.

 

(Impacted)

Indicates whether the specific product is affected by the cited vulnerability.

 

If Impacted - Mitigation or

Information regarding how to address a vulnerability.

Under Investigation

Link(s) to security bulletin (Vendor)

Link to Vendor's Security Bulletin.

 

Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.

Product Category

Sub Category

Product Name

Impacted (Yes/No/Under Investigation)

Mitigation / Notes

HPE Support Documentation

Other Support Documentation (Vendor/HPE)

Networking

Networking

HPE 8200 zl Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

HPE 6600 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

HPE 6200 yl Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 5400 zl

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 3800 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

HPE 3500 and 3500 yl Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2915 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2620 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2615 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 5400R zl2 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 3810M Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2930M Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2930F Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2920 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2540 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Networking

Networking

Aruba 2530 Switch Series

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbnw04010

ARUBA-PSA-2020-006

Storage

StoreEasy

HPE StoreEasy 1450, 1550, 1650, 1650 Expanded, 1850, and 3850

Yes

Products based on HPE ProLiant Gen10 are impacted due to HPE iLO 5.  Fix is available. Refer to the HPE Security Bulletin for mitigation details.

HPE Security Bulletin hpesbhf04012

 

Storage

3PAR

HPE 3PAR Physical SP

Yes

Physical Service Processors based on HPE ProLiant DL360 Gen10 are impacted due to HPE iLO 5.  Fix is available. Refer to the HPE Security Bulletin for mitigation details.

HPE Security Bulletin hpesbhf04012

 

Storage

StoreVirtual

HPE StoreVirtual 3000 File Controller, and 3PAR StoreServ File Controller v3

Yes

Products based on HPE ProLiant Gen10 are impacted due to HPE iLO 5.  Fix is available. Refer to the HPE Security Bulletin for mitigation details.

HPE Security Bulletin hpesbhf04012

 

NonStop

NonStop

HPE NonStop X NS7 X3 systems, HPE NonStop X NS3 X3 systems

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop X NS7 X2 systems; HPE NonStop X NS3 X2 systems

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop X NS7 X1 systems; HPE NonStop X NS3 X1 systems

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop X NS2 X3 systems

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop X NS2 X2 systems

Yes

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop i BladeSystem NB56000c

Yes

NonStop Hotstuff HS03439 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03439

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop i NS2400 systems; HPE NonStop i NS2300 systems

Yes

NonStop Hotstuff HS03439 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03439

HPE Security Bulletin hpesbhf04012

 

 

 

 

NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches.

NonStop Hotsuff HS03432

HPE Security Bulletin hpesbnw04010

NonStop

NonStop

HPE NonStop Virtual Tape Controller (VTC); HPE NonStop Virtual Tape Repository (VTR)

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

NonStop

NonStop

HPE NonStop System Console (NSC)

Yes

NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor.

NonStop Hotstuff HS03431

HPE Security Bulletin hpesbhf04012

Server Management

HPE Integrated Lights-Out

HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04012

 

Server Management

HPE Integrated Lights-Out

HPE Integrated Lights-Out 4 (iLO 4)

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04012

 

Server Management

HPE Integrated Lights-Out

HPE Integrated Lights-Out 3 (iLO 3)

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04012

 

Servers

HPE Integrity servers

HPE Superdome 2

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity rx2800 i6

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity rx2800 i4

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity rx2900 i6

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity rx2900 i4

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity BL860c i6 Server Blade

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity BL860c i4 Server Blade

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity BL870c i6 Server Blade

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity BL870c i4 Server Blade

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity BL890c i6 Server Blade

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity BL890c i4 Server Blade

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity rx2800 i2

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity BL860c i2 Server Blade

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity BL870c i2 Server Blade

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Integrity BL890c i2 Server Blade

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04031

 

Servers

HPE Integrity servers

HPE Superdome X

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04038

 

Oneview

HPE Synergy Composer

HPE Synergy Composer - 2

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04039

 

Server Management

HPE Integrated Lights-Out

HPE Moonshot iLO 4

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04021

 

Rack and Power Infrastructure

Uninterruptible Power Systems

HPE UPS Network Module

Yes

HP/HPE R5000/R7000 UPS fix pending

 

 

Server Management

HPE Integrated Lights-Out

HPE Moonshot Chassis Management Firmware

Yes

Fix available. Refer to the HPE Security Bulletin for mitigation details

HPE Security Bulletin hpesbhf04021