Lucene search

[email protected]CVE-2021-25124

HistoryJan 29, 2021 - 7:15 p.m.

CVE-2021-25124

2021-01-2919:15:13

CWE-22

[email protected]

web.nvd.nist.gov

cve-2021-25124

baseboard management controller

bmc

hpe

cloudline

gen9

gen10

server

firmware

vulnerability

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.

Affected configurations

NVD

Node

hpecloudline_cl3100_gen10_serverMatch-

AND

hpecloudline_cl3100_gen10_server_firmwareMatch1.08.0.0

hpecloudline_cl3100_gen10_server_firmwareMatch1.10.0.0

Node

hpecloudline_cl4100_gen10_serverMatch-

AND

hpecloudline_cl4100_gen10_server_firmwareMatch1.08.0.0

hpecloudline_cl4100_gen10_server_firmwareMatch1.10.0.0

Node

hpecloudline_cl5200_gen9_serverMatch-

AND

hpecloudline_cl5200_gen9_server_firmwareMatch1.07.0.0

Node

hpecloudline_cl5800_gen10_server_firmwareMatch1.08.0.0

AND

hpecloudline_cl5800_gen10_serverMatch-

Node

hpecloudline_cl5800_gen9_server_firmwareMatch1.09.0.0

AND

hpecloudline_cl5800_gen9_serverMatch-

CPENameOperatorVersion
hpe:cloudline_cl3100_gen10_server_firmwarehpe cloudline cl3100 gen10 server firmwareeq1.08.0.0
hpe:cloudline_cl3100_gen10_server_firmwarehpe cloudline cl3100 gen10 server firmwareeq1.10.0.0

CPE	Name	Operator	Version
hpe:cloudline_cl3100_gen10_server_firmware	hpe cloudline cl3100 gen10 server firmware	eq	1.08.0.0
hpe:cloudline_cl3100_gen10_server_firmware	hpe cloudline cl3100 gen10 server firmware	eq	1.10.0.0

CNA Affected

[
  {
    "product": "HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Version. 1.09.0.0"
      },
      {
        "status": "affected",
        "version": "Version 1.07.0.0"
      },
      {
        "status": "affected",
        "version": "Version 1.10.0.0"
      },
      {
        "status": "affected",
        "version": "Version  1.10.0.0"
      },
      {
        "status": "affected",
        "version": "Version 1.08.0.0"
      }
    ]
  }
]

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04073en_us

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

Related for CVE-2021-25124

prion1 cvelist1 nvd1