Hewlett Packard Enterprise Product Security Vulnerability Alerts
Ripple20 Vulnerability - Multiple Vulnerabilities Affecting the Treck TCP/IP Stack (Multiple CVEs)
Version 15.0 : Last Updated: January 14, 2021
This website is updated frequently, as new product information becomes available.
On June 16, 2020, JSOF disclosed the Ripple20 vulnerabilities in the Treck TCP/IP stack. HPE is evaluating each vulnerability for applicability to its products and will advise on them as part of the remediation communication.
The CVEs being evaluated by HPE are CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914.
Intel also published the following 4 CVEs related to Ripple20: CVE-2020-0594, CVE-2020-059, CVE-2020-0595, CVE-2020-8674.
HPE continues to investigate this issue and product impact assessment will be updated as more information becomes available.
Resources:
- HPE Vulnerability Homepage
- Treck’s Impact Statement
- Ripple20 Research Paper
- US-CERT Ripple20
- HPE Support Center
Disclaimer: One or more of the links above will take you outside the HPE website. HPE is not responsible for content outside of its domain.
Usage Instructions and Definitions for CVE Vulnerability Information

| Data | Definition |
|---|---|
| Product Category | High-level product description. |
| Product Sub-Category | Medium-level product description. |
| Product Name | Detailed product description. |
| (Impacted) | Indicates whether the specific product is affected by the cited vulnerability. |
| If Impacted - Mitigation or | Information regarding how to address a vulnerability. |
| Under Investigation | |
| Link(s) to security bulletin (Vendor) | Link to Vendor's Security Bulletin. |

Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.

| Product Category | Sub Category | Product Name | Impacted (Yes/No/Under Investigation) | Mitigation / Notes | HPE Support Documentation | Other Support Documentation (Vendor/HPE) |
|---|---|---|---|---|---|---|
| Networking | Networking | HPE 8200 zl Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | HPE 6600 Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | HPE 6200 yl Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 5400 zl | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 3800 Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | HPE 3500 and 3500 yl Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 2915 Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 2620 Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 2615 Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 5400R zl2 Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 3810M Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 2930M Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 2930F Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 2920 Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 2540 Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Networking | Networking | Aruba 2530 Switch Series | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Storage | StoreEasy | HPE StoreEasy 1450, 1550, 1650, 1650 Expanded, 1850, and 3850 | Yes | Products based on HPE ProLiant Gen10 are impacted due to HPE iLO 5. Fix is available. Refer to the HPE Security Bulletin for mitigation details. | | |
| Storage | 3PAR | HPE 3PAR Physical SP | Yes | Physical Service Processors based on HPE ProLiant DL360 Gen10 are impacted due to HPE iLO 5. Fix is available. Refer to the HPE Security Bulletin for mitigation details. | | |
| Storage | StoreVirtual | HPE StoreVirtual 3000 File Controller, and 3PAR StoreServ File Controller v3 | Yes | Products based on HPE ProLiant Gen10 are impacted due to HPE iLO 5. Fix is available. Refer to the HPE Security Bulletin for mitigation details. | | |
| NonStop | NonStop | HPE NonStop X NS7 X3 systems, HPE NonStop X NS3 X3 systems | Yes | NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor. | | |
| | | | | NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches. | | |
| NonStop | NonStop | HPE NonStop X NS7 X2 systems; HPE NonStop X NS3 X2 systems | Yes | NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor. | | |
| | | | | NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches. | | |
| NonStop | NonStop | HPE NonStop X NS7 X1 systems; HPE NonStop X NS3 X1 systems | Yes | NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor. | | |
| | | | | NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches. | | |
| NonStop | NonStop | HPE NonStop X NS2 X3 systems | Yes | NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor. | | |
| | | | | NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches. | | |
| NonStop | NonStop | HPE NonStop X NS2 X2 systems | Yes | NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches. | | |
| NonStop | NonStop | HPE NonStop i BladeSystem NB56000c | Yes | NonStop Hotstuff HS03439 and HPE Security Bulletin HPESBHF4012 for iLO server management processor. | | |
| | | | | NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches. | | |
| NonStop | NonStop | HPE NonStop i NS2400 systems; HPE NonStop i NS2300 systems | Yes | NonStop Hotstuff HS03439 and HPE Security Bulletin HPESBHF4012 for iLO server management processor. | | |
| | | | | NonStop Hotstuff HS03432 and HPE Security Bulletin HPESBNW04010 for maintenance LAN switches. | | |
| NonStop | NonStop | HPE NonStop Virtual Tape Controller (VTC); HPE NonStop Virtual Tape Repository (VTR) | Yes | NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor. | | |
| NonStop | NonStop | HPE NonStop System Console (NSC) | Yes | NonStop Hotstuff HS03431 and HPE Security Bulletin HPESBHF4012 for iLO server management processor. | | |
| Server Management | HPE Integrated Lights-Out | HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Server Management | HPE Integrated Lights-Out | HPE Integrated Lights-Out 4 (iLO 4) | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Server Management | HPE Integrated Lights-Out | HPE Integrated Lights-Out 3 (iLO 3) | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Superdome 2 | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity rx2800 i6 | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity rx2800 i4 | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity rx2900 i6 | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity rx2900 i4 | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity BL860c i6 Server Blade | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity BL860c i4 Server Blade | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity BL870c i6 Server Blade | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity BL870c i4 Server Blade | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity BL890c i6 Server Blade | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity BL890c i4 Server Blade | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity rx2800 i2 | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity BL860c i2 Server Blade | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity BL870c i2 Server Blade | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Integrity BL890c i2 Server Blade | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Servers | HPE Integrity servers | HPE Superdome X | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Oneview | HPE Synergy Composer | HPE Synergy Composer - 2 | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Server Management | HPE Integrated Lights-Out | HPE Moonshot iLO 4 | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Rack and Power Infrastructure | Uninterruptible Power Systems | HPE UPS Network Module | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |
| Server Management | HPE Integrated Lights-Out | HPE Moonshot Chassis Management Firmware | Yes | Fix available. Refer to the HPE Security Bulletin for mitigation details | | |