[security bulletin] HPESB3P03762 rev.1 - HPE C Switch Software using Cisco Prime Data Center Network Manager (DCNM), Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2IzcDAzNzYyZW5fdXMN
Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j
dW1lbnQgSUQ6IGhwZXNiM3AwMzc2MmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCM1Aw
Mzc2MiByZXYuMSAtIEhQRSBDIFN3aXRjaCBTb2Z0d2FyZSB1c2luZyBDaXNjbyBQcmlt
ZSBEYXRhIENlbnRlcg0KTmV0d29yayBNYW5hZ2VyIChEQ05NKSwgUmVtb3RlIENvZGUg
RXhlY3V0aW9uDQoNCk5PVElDRTogVGhlIGluZm9ybWF0aW9uIGluIHRoaXMgU2VjdXJp
dHkgQnVsbGV0aW4gc2hvdWxkIGJlIGFjdGVkIHVwb24gYXMNCnNvb24gYXMgcG9zc2li
bGUuDQoNClJlbGVhc2UgRGF0ZTogMjAxNy0wOC0xMA0KTGFzdCBVcGRhdGVkOiAyMDE3
LTA4LTEwDQoNClBvdGVudGlhbCBTZWN1cml0eSBJbXBhY3Q6IFJlbW90ZTogQ29kZSBF
eGVjdXRpb24NCg0KU291cmNlOiBIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSwgUHJv
ZHVjdCBTZWN1cml0eSBSZXNwb25zZSBUZWFtDQoNClZVTE5FUkFCSUxJVFkgU1VNTUFS
WQ0KSFBFIFN0b3JlRmFicmljIEMtc2VyaWVzIFN3aXRjaCBTb2Z0d2FyZSB1c2VzIENp
c2NvcyBQcmltZSBEYXRhIENlbnRlcg0KTmV0d29yayBNYW5hZ2VyIChEQ05NKS4gQ2lz
Y28gaGFzIGlkZW50aWZpZWQgYSByZW1vdGUgY29kZSBleGVjdXRpb24NCnZ1bG5lcmFi
aWxpdHkgaW4gdHdvIHZlcnNpb25zIG9mIENpc2NvIFByaW1lIERhdGEgQ2VudGVyIE5l
dHdvcmsgTWFuYWdlcg0KKERDTk0pIHdoaWNoIEhQRSBoYWQgaW5jbHVkZWQgZm9yIGRv
d25sb2FkIGZvciBjdXN0b21lcnMgdW5kZXIgY29udHJhY3QgZnJvbQ0KdGhlIEhQRSBT
dXBwb3J0IENlbnRlci4gVGhlIGFmZmVjdGVkIHZlcnNpb25zIG9mIERDTk0gYXJlIDEw
LjEoMSkgYW5kDQoxMC4xKDIpLiBIUEUgYnVuZGxlZCB0aGVzZSBEQ05NIHZlcnNpb25z
IHdpdGggdGhlIGZvbGxvd2luZyBNRFMgYW5kIE5leHVzDQpmaXJtd2FyZSBkb3dubG9h
ZHM6DQoNCiAqIE1EUyA3LjMoMClEWSgxKSwgcmVsZWFzZWQgRmVicnVhcnkgMjAxNw0K
ICogTURTIDcuMygxKURZKDEpLCByZWxlYXNlZCBBcHJpbCAyMDE3DQogKiBOZXh1cyA1
LjIoMSlOMSg5YiksIHJlbGVhc2VkIE1heSAyMDE3DQoNCioqTm90ZToqKiBBIHZ1bG5l
cmFiaWxpdHkgaW4gdGhlIHJvbGUtYmFzZWQgYWNjZXNzIGNvbnRyb2wgKFJCQUMpDQpm
dW5jdGlvbmFsaXR5IG9mIENpc2NvIFByaW1lIERhdGEgQ2VudGVyIE5ldHdvcmsgTWFu
YWdlciAoRENOTSkgY291bGQgYWxsb3cNCmFuIHVuYXV0aGVudGljYXRlZCwgcmVtb3Rl
IGF0dGFja2VyIHRvIGFjY2VzcyBzZW5zaXRpdmUgaW5mb3JtYXRpb24gb3INCmV4ZWN1
dGUgYXJiaXRyYXJ5IGNvZGUgd2l0aCByb290IHByaXZpbGVnZXMgb24gYW4gYWZmZWN0
ZWQgc3lzdGVtLiBUaGUNCnZ1bG5lcmFiaWxpdHkgaXMgZHVlIHRvIHRoZSBsYWNrIG9m
IGF1dGhlbnRpY2F0aW9uIGFuZCBhdXRob3JpemF0aW9uDQptZWNoYW5pc21zIGZvciBh
IGRlYnVnZ2luZyB0b29sIHRoYXQgd2FzIGluYWR2ZXJ0ZW50bHkgZW5hYmxlZCBpbiB0
aGUNCmFmZmVjdGVkIHNvZnR3YXJlLiBBbiBhdHRhY2tlciBjb3VsZCBleHBsb2l0IHRo
aXMgdnVsbmVyYWJpbGl0eSBieSByZW1vdGVseQ0KY29ubmVjdGluZyB0byB0aGUgZGVi
dWdnaW5nIHRvb2wgdmlhIFRDUC4gQSBzdWNjZXNzZnVsIGV4cGxvaXQgY291bGQgYWxs
b3cNCnRoZSBhdHRhY2tlciB0byBhY2Nlc3Mgc2Vuc2l0aXZlIGluZm9ybWF0aW9uIGFi
b3V0IHRoZSBhZmZlY3RlZCBzb2Z0d2FyZSBvcg0KZXhlY3V0ZSBhcmJpdHJhcnkgY29k
ZSB3aXRoIHJvb3QgcHJpdmlsZWdlcyBvbiB0aGUgYWZmZWN0ZWQgc3lzdGVtLg0KDQpS
ZWZlcmVuY2VzOg0KDQogIC0gQ1ZFLTIwMTctNjYzOQ0KDQpTVVBQT1JURUQgU09GVFdB
UkUgVkVSU0lPTlMqOiBPTkxZIGltcGFjdGVkIHZlcnNpb25zIGFyZSBsaXN0ZWQuDQoN
CiAgLSBIUCBDLXNlcmllcyBTd2l0Y2ggU29mdHdhcmUgRGF0YSBDZW50ZXIgTmV0d29y
ayBNYW5hZ2VyIFZlcnNpb24gMTAuMSgxKSwNCjEwLjEoMikNCg0KQkFDS0dST1VORA0K
DQogIENWU1MgQmFzZSBNZXRyaWNzDQogID09PT09PT09PT09PT09PT09DQogIFJlZmVy
ZW5jZSwgQ1ZTUyBWMyBTY29yZS9WZWN0b3IsIENWU1MgVjIgU2NvcmUvVmVjdG9yDQoN
CiAgICBDVkUtMjAxNy02NjM5DQogICAgICAxMC4wIENWU1M6My4wL0FWOk4vQUM6TC9Q
UjpOL1VJOk4vUzpDL0M6SC9JOkgvQTpIDQogICAgICAxMC4wIChBVjpOL0FDOkwvQXU6
Ti9DOkMvSTpDL0E6QykNCg0KICAgIEluZm9ybWF0aW9uIG9uIENWU1MgaXMgZG9jdW1l
bnRlZCBpbg0KICAgIEhQRSBDdXN0b21lciBOb3RpY2UgSFBTTi0yMDA4LTAwMiBoZXJl
Og0KDQpodHRwczovL2gyMDU2NC53d3cyLmhwZS5jb20vaHBzYy9kb2MvcHVibGljL2Rp
c3BsYXk/ZG9jSWQ9ZW1yX25hLWMwMTM0NTQ5OQ0KDQpSRVNPTFVUSU9ODQoNClRoZXJl
IGFyZSBubyB3b3JrYXJvdW5kcyB0aGF0IGFkZHJlc3MgdGhpcyB2dWxuZXJhYmlsaXR5
LiBDaXNjbyBoYXMgcmVsZWFzZWQNCnNvZnR3YXJlIHVwZGF0ZXMgdGhhdCBhZGRyZXNz
IHRoaXMgdnVsbmVyYWJpbGl0eSB3aXRoIERDTk0gMTAuMigxKS4gSFBFIGhhcw0KbWFk
ZSB0aGUgdXBkYXRlcyBhdmFpbGFibGUgdG8gY3VzdG9tZXJzIHVuZGVyIGNvbnRyYWN0
IHRocm91Z2ggSFBFIFN1cHBvcnQNCkNlbnRlcjoNCg0KICogPGh0dHA6Ly93d3cuaHBl
LmNvbS9zdXBwb3J0L2hwZXNjPiANCg0KKipJdCBpcyBlc3NlbnRpYWwgdGhhdCBhbGwg
SFBFIGN1c3RvbWVycyB3aG8gaGFkIHByZXZpb3VzbHkgZG93bmxvYWRlZCBhbnkgb2YN
CnRoZSBmaXJtd2FyZSBhbmQgRENOTSBwYWNrYWdlcyBhYm92ZSBkb3dubG9hZCBhZ2Fp
biB3aXRoIHRoZSB1cGRhdGVkIHBhY2thZ2VzDQpmcm9tIHRoZSBIUEUgU3VwcG9ydCBD
ZW50ZXIuKiogQWxsIHBhY2thZ2VzIGhhdmUgYmVlbiB1cGRhdGVkIHRvIGluY2x1ZGUg
RENOTQ0KMTAuMigxKSwgYW5kIHRoZXkgYXJlIGxpc3RlZCBoZXJlOg0KDQogKiBNRFMg
Ny4zKDApRFkoMSksIHJlbGVhc2VkIEp1bmUgMjAxNw0KICogTURTIDcuMygxKURZKDEp
LCByZWxlYXNlZCBKdW5lIDIwMTcNCiAqIE5leHVzIDUuMigxKU4xKDliKSwgcmVsZWFz
ZWQgSnVuZSAyMDE3DQoNCkhJU1RPUlkNClZlcnNpb246MSAocmV2LjEpIC0gMTEgQXVn
dXN0IDIwMTcgSW5pdGlhbCByZWxlYXNlDQoNClRoaXJkIFBhcnR5IFNlY3VyaXR5IFBh
dGNoZXM6IFRoaXJkIHBhcnR5IHNlY3VyaXR5IHBhdGNoZXMgdGhhdCBhcmUgdG8gYmUN
Cmluc3RhbGxlZCBvbiBzeXN0ZW1zIHJ1bm5pbmcgSGV3bGV0dCBQYWNrYXJkIEVudGVy
cHJpc2UgKEhQRSkgc29mdHdhcmUNCnByb2R1Y3RzIHNob3VsZCBiZSBhcHBsaWVkIGlu
IGFjY29yZGFuY2Ugd2l0aCB0aGUgY3VzdG9tZXIncyBwYXRjaCBtYW5hZ2VtZW50DQpw
b2xpY3kuDQoNClN1cHBvcnQ6IEZvciBpc3N1ZXMgYWJvdXQgaW1wbGVtZW50aW5nIHRo
ZSByZWNvbW1lbmRhdGlvbnMgb2YgdGhpcyBTZWN1cml0eQ0KQnVsbGV0aW4sIGNvbnRh
Y3Qgbm9ybWFsIEhQRSBTZXJ2aWNlcyBzdXBwb3J0IGNoYW5uZWwuIEZvciBvdGhlciBp
c3N1ZXMgYWJvdXQNCnRoZSBjb250ZW50IG9mIHRoaXMgU2VjdXJpdHkgQnVsbGV0aW4s
IHNlbmQgZS1tYWlsIHRvIHNlY3VyaXR5LWFsZXJ0QGhwZS5jb20uDQoNClJlcG9ydDog
VG8gcmVwb3J0IGEgcG90ZW50aWFsIHNlY3VyaXR5IHZ1bG5lcmFiaWxpdHkgZm9yIGFu
eSBIUEUgc3VwcG9ydGVkDQpwcm9kdWN0Og0KICBXZWIgZm9ybTogaHR0cHM6Ly93d3cu
aHBlLmNvbS9pbmZvL3JlcG9ydC1zZWN1cml0eS12dWxuZXJhYmlsaXR5DQogIEVtYWls
OiBzZWN1cml0eS1hbGVydEBocGUuY29tDQoNClN1YnNjcmliZTogVG8gaW5pdGlhdGUg
YSBzdWJzY3JpcHRpb24gdG8gcmVjZWl2ZSBmdXR1cmUgSFBFIFNlY3VyaXR5IEJ1bGxl
dGluDQphbGVydHMgdmlhIEVtYWlsOiBodHRwOi8vd3d3LmhwZS5jb20vc3VwcG9ydC9T
dWJzY3JpYmVyX0Nob2ljZQ0KDQpTZWN1cml0eSBCdWxsZXRpbiBBcmNoaXZlOiBBIGxp
c3Qgb2YgcmVjZW50bHkgcmVsZWFzZWQgU2VjdXJpdHkgQnVsbGV0aW5zIGlzDQphdmFp
bGFibGUgaGVyZTogaHR0cDovL3d3dy5ocGUuY29tL3N1cHBvcnQvU2VjdXJpdHlfQnVs
bGV0aW5fQXJjaGl2ZQ0KDQpTb2Z0d2FyZSBQcm9kdWN0IENhdGVnb3J5OiBUaGUgU29m
dHdhcmUgUHJvZHVjdCBDYXRlZ29yeSBpcyByZXByZXNlbnRlZCBpbg0KdGhlIHRpdGxl
IGJ5IHRoZSB0d28gY2hhcmFjdGVycyBmb2xsb3dpbmcgSFBTQi4NCg0KM0MgPSAzQ09N
DQozUCA9IDNyZCBQYXJ0eSBTb2Z0d2FyZQ0KR04gPSBIUEUgR2VuZXJhbCBTb2Z0d2Fy
ZQ0KSEYgPSBIUEUgSGFyZHdhcmUgYW5kIEZpcm13YXJlDQpNVSA9IE11bHRpLVBsYXRm
b3JtIFNvZnR3YXJlDQpOUyA9IE5vblN0b3AgU2VydmVycw0KT1YgPSBPcGVuVk1TDQpQ
ViA9IFByb0N1cnZlDQpTVCA9IFN0b3JhZ2UgU29mdHdhcmUNClVYID0gSFAtVVgNCg0K
Q29weXJpZ2h0IDIwMTYgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UNCg0KSGV3bGV0
dCBQYWNrYXJkIEVudGVycHJpc2Ugc2hhbGwgbm90IGJlIGxpYWJsZSBmb3IgdGVjaG5p
Y2FsIG9yIGVkaXRvcmlhbA0KZXJyb3JzIG9yIG9taXNzaW9ucyBjb250YWluZWQgaGVy
ZWluLiBUaGUgaW5mb3JtYXRpb24gcHJvdmlkZWQgaXMgcHJvdmlkZWQNCiJhcyBpcyIg
d2l0aG91dCB3YXJyYW50eSBvZiBhbnkga2luZC4gVG8gdGhlIGV4dGVudCBwZXJtaXR0
ZWQgYnkgbGF3LCBuZWl0aGVyDQpIUCBvciBpdHMgYWZmaWxpYXRlcywgc3ViY29udHJh
Y3RvcnMgb3Igc3VwcGxpZXJzIHdpbGwgYmUgbGlhYmxlIGZvcg0KaW5jaWRlbnRhbCxz
cGVjaWFsIG9yIGNvbnNlcXVlbnRpYWwgZGFtYWdlcyBpbmNsdWRpbmcgZG93bnRpbWUg
Y29zdDsgbG9zdA0KcHJvZml0czsgZGFtYWdlcyByZWxhdGluZyB0byB0aGUgcHJvY3Vy
ZW1lbnQgb2Ygc3Vic3RpdHV0ZSBwcm9kdWN0cyBvcg0Kc2VydmljZXM7IG9yIGRhbWFn
ZXMgZm9yIGxvc3Mgb2YgZGF0YSwgb3Igc29mdHdhcmUgcmVzdG9yYXRpb24uIFRoZQ0K
aW5mb3JtYXRpb24gaW4gdGhpcyBkb2N1bWVudCBpcyBzdWJqZWN0IHRvIGNoYW5nZSB3
aXRob3V0IG5vdGljZS4gSGV3bGV0dA0KUGFja2FyZCBFbnRlcnByaXNlIGFuZCB0aGUg
bmFtZXMgb2YgSGV3bGV0dCBQYWNrYXJkIEVudGVycHJpc2UgcHJvZHVjdHMNCnJlZmVy
ZW5jZWQgaGVyZWluIGFyZSB0cmFkZW1hcmtzIG9mIEhld2xldHQgUGFja2FyZCBFbnRl
cnByaXNlIGluIHRoZSBVbml0ZWQNClN0YXRlcyBhbmQgb3RoZXIgY291bnRyaWVzLiBP
dGhlciBwcm9kdWN0IGFuZCBjb21wYW55IG5hbWVzIG1lbnRpb25lZCBoZXJlaW4NCm1h
eSBiZSB0cmFkZW1hcmtzIG9mIHRoZWlyIHJlc3BlY3RpdmUgb3duZXJzLg0KLS0tLS1C
RUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRRWNCQUVC
Q0FBR0JRSlpqTDR5QUFvSkVMWGhBeHQ3U1phaWFjNElBSURyNFFudmtTTUczZHRJZmRK
bStjcmcKUkN6K1Y1bWREQlJ6Y0IyUHBPdHdwMXhvVHBEWW1TYTdoTEFzQVNQRTNDNFYy
VXJvaXpSWlFhMHY1bHg2UXBlagpFVlRra0x1VnlOSVVuTjJCZy9DbTN2TU5yVGp3dnpD
ZVA2SkpteUJjaHQ1cUpYTitUd3FUTzVJZTJFdVVvbUdBClVqZ3VhUjdiM2p2NUF4c1l5
bVhiQ0EvaUpESFc5aE9YcVdqcXN0U25GRUpZbllWV2hkcXY4cVR5Q0FhQ2VnbkcKaUFh
M3lIWXRiSkhVY3JQYTNIR083aGtYdWVvdzlOc25meDEzTGg2R1R2bzAvNmZTRFVQOWZW
U0VHeW5rK1JENgpzczBTUStJdGhCS1dEbWl3T3NoSDJjSjlITlBrQlJybVE3T2xXLzl0
alVESFd5VHR0RDQvNGY1cEQxNlB6ZUE9Cj1FbHhJCi0tLS0tRU5EIFBHUCBTSUdOQVRV
UkUtLS0tLQo=