Lucene search

HpeCVE-2021-25124

HistoryJan 29, 2021 - 7:15 p.m.

CVE-2021-25124

2021-01-2919:15:13

CWE-22

hpe

web.nvd.nist.gov

cve-2021-25124

baseboard management controller

bmc

hpe

cloudline

gen9

gen10

server

firmware

vulnerability

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.9%

JSON

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.

Affected configurations

Nvd

Node

hpecloudline_cl3100_gen10_serverMatch-

AND

hpecloudline_cl3100_gen10_server_firmwareMatch1.08.0.0

hpecloudline_cl3100_gen10_server_firmwareMatch1.10.0.0

Node

hpecloudline_cl4100_gen10_serverMatch-

AND

hpecloudline_cl4100_gen10_server_firmwareMatch1.08.0.0

hpecloudline_cl4100_gen10_server_firmwareMatch1.10.0.0

Node

hpecloudline_cl5200_gen9_serverMatch-

AND

hpecloudline_cl5200_gen9_server_firmwareMatch1.07.0.0

Node

hpecloudline_cl5800_gen10_server_firmwareMatch1.08.0.0

AND

hpecloudline_cl5800_gen10_serverMatch-

Node

hpecloudline_cl5800_gen9_server_firmwareMatch1.09.0.0

AND

hpecloudline_cl5800_gen9_serverMatch-

VendorProductVersionCPE
hpecloudline_cl3100_gen10_server-cpe:2.3:h:hpe:cloudline_cl3100_gen10_server:-:*:*:*:*:*:*:*
hpecloudline_cl3100_gen10_server_firmware1.08.0.0cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
hpecloudline_cl3100_gen10_server_firmware1.10.0.0cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.10.0.0:*:*:*:*:*:*:*
hpecloudline_cl4100_gen10_server-cpe:2.3:h:hpe:cloudline_cl4100_gen10_server:-:*:*:*:*:*:*:*
hpecloudline_cl4100_gen10_server_firmware1.08.0.0cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
hpecloudline_cl4100_gen10_server_firmware1.10.0.0cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.10.0.0:*:*:*:*:*:*:*
hpecloudline_cl5200_gen9_server-cpe:2.3:h:hpe:cloudline_cl5200_gen9_server:-:*:*:*:*:*:*:*
hpecloudline_cl5200_gen9_server_firmware1.07.0.0cpe:2.3:o:hpe:cloudline_cl5200_gen9_server_firmware:1.07.0.0:*:*:*:*:*:*:*
hpecloudline_cl5800_gen10_server_firmware1.08.0.0cpe:2.3:o:hpe:cloudline_cl5800_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
hpecloudline_cl5800_gen10_server-cpe:2.3:h:hpe:cloudline_cl5800_gen10_server:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hpe	cloudline_cl3100_gen10_server	-	cpe:2.3:h:hpe:cloudline_cl3100_gen10_server:-:::::::*
hpe	cloudline_cl3100_gen10_server_firmware	1.08.0.0	cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.08.0.0:::::::*
hpe	cloudline_cl3100_gen10_server_firmware	1.10.0.0	cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.10.0.0:::::::*
hpe	cloudline_cl4100_gen10_server	-	cpe:2.3:h:hpe:cloudline_cl4100_gen10_server:-:::::::*
hpe	cloudline_cl4100_gen10_server_firmware	1.08.0.0	cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.08.0.0:::::::*
hpe	cloudline_cl4100_gen10_server_firmware	1.10.0.0	cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.10.0.0:::::::*
hpe	cloudline_cl5200_gen9_server	-	cpe:2.3:h:hpe:cloudline_cl5200_gen9_server:-:::::::*
hpe	cloudline_cl5200_gen9_server_firmware	1.07.0.0	cpe:2.3:o:hpe:cloudline_cl5200_gen9_server_firmware:1.07.0.0:::::::*
hpe	cloudline_cl5800_gen10_server_firmware	1.08.0.0	cpe:2.3:o:hpe:cloudline_cl5800_gen10_server_firmware:1.08.0.0:::::::*
hpe	cloudline_cl5800_gen10_server	-	cpe:2.3:h:hpe:cloudline_cl5800_gen10_server:-:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Version. 1.09.0.0"
      },
      {
        "status": "affected",
        "version": "Version 1.07.0.0"
      },
      {
        "status": "affected",
        "version": "Version 1.10.0.0"
      },
      {
        "status": "affected",
        "version": "Version  1.10.0.0"
      },
      {
        "status": "affected",
        "version": "Version 1.08.0.0"
      }
    ]
  }
]

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04073en_us

Social References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.9%

JSON

Related for CVE-2021-25124