{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-22437",
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "state": "PUBLISHED",
        "assignerShortName": "hpe",
        "dateReserved": "2024-01-10T15:24:39.966Z",
        "datePublished": "2024-04-15T09:21:40.627Z",
        "dateUpdated": "2024-08-01T22:43:34.946Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "platforms": [
                        "Windows"
                    ],
                    "product": "HPE MSA SAN Storage VSS Provider and CAPI Proxy Software",
                    "vendor": "Hewlett Packard Enterprise",
                    "versions": [
                        {
                            "lessThan": "4.1.3.83",
                            "status": "affected",
                            "version": "N/A",
                            "versionType": "custom"
                        }
                    ]
                }
            ],
            "credits": [
                {
                    "lang": "en",
                    "type": "reporter",
                    "value": "R Cooper of Environtec Limited"
                }
            ],
            "datePublic": "2024-04-02T09:13:00.000Z",
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.</span>\n\n"
                        }
                    ],
                    "value": "\nA potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.\n\n"
                }
            ],
            "impacts": [
                {
                    "capecId": "CAPEC-233",
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CAPEC-233 Privilege Escalation"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "LOCAL",
                        "availabilityImpact": "HIGH",
                        "baseScore": 7.3,
                        "baseSeverity": "HIGH",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "HIGH",
                        "privilegesRequired": "LOW",
                        "scope": "UNCHANGED",
                        "userInteraction": "REQUIRED",
                        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-428",
                            "description": "CWE-428 Unquoted Search Path or Element",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
                "shortName": "hpe",
                "dateUpdated": "2024-04-15T09:21:40.627Z"
            },
            "references": [
                {
                    "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04630en_us"
                }
            ],
            "source": {
                "advisory": "HPESBST04630",
                "discovery": "UNKNOWN"
            },
            "title": "HPE MSA SAN Storage VSS Provider and CAPI Proxy Software, Elevation of Privilege",
            "x_generator": {
                "engine": "Vulnogram 0.1.0-dev"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-04-15T13:13:01.628436Z",
                                "id": "CVE-2024-22437",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "total"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-07-25T15:51:08.406Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-01T22:43:34.946Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04630en_us",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}