Lucene search

HpeCVE-2021-25133

HistoryJan 29, 2021 - 7:15 p.m.

CVE-2021-25133

2021-01-2919:15:14

CWE-120

hpe

web.nvd.nist.gov

cve-2021-25133

baseboard management controller

bmc

hpe cloudline

server

buffer overflow

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

12.6%

JSON

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setradiusconfig_func function.

Affected configurations

Nvd

Node

hpecloudline_cl3100_gen10_server_firmwareMatch1.08.0.0

hpecloudline_cl3100_gen10_server_firmwareMatch1.10.0.0

AND

hpecloudline_cl3100_gen10_serverMatch-

Node

hpecloudline_cl4100_gen10_server_firmwareMatch1.08.0.0

hpecloudline_cl4100_gen10_server_firmwareMatch1.10.0.0

AND

hpecloudline_cl4100_gen10_serverMatch-

Node

hpecloudline_cl5200_gen9_server_firmwareMatch1.07.0.0

AND

hpecloudline_cl5200_gen9_serverMatch-

Node

hpecloudline_cl5800_gen10_server_firmwareMatch1.08.0.0

AND

hpecloudline_cl5800_gen10_serverMatch-

Node

hpecloudline_cl5800_gen9_server_firmwareMatch1.09.0.0

AND

hpecloudline_cl5800_gen9_serverMatch-

VendorProductVersionCPE
hpecloudline_cl3100_gen10_server_firmware1.08.0.0cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
hpecloudline_cl3100_gen10_server_firmware1.10.0.0cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.10.0.0:*:*:*:*:*:*:*
hpecloudline_cl3100_gen10_server-cpe:2.3:h:hpe:cloudline_cl3100_gen10_server:-:*:*:*:*:*:*:*
hpecloudline_cl4100_gen10_server_firmware1.08.0.0cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
hpecloudline_cl4100_gen10_server_firmware1.10.0.0cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.10.0.0:*:*:*:*:*:*:*
hpecloudline_cl4100_gen10_server-cpe:2.3:h:hpe:cloudline_cl4100_gen10_server:-:*:*:*:*:*:*:*
hpecloudline_cl5200_gen9_server_firmware1.07.0.0cpe:2.3:o:hpe:cloudline_cl5200_gen9_server_firmware:1.07.0.0:*:*:*:*:*:*:*
hpecloudline_cl5200_gen9_server-cpe:2.3:h:hpe:cloudline_cl5200_gen9_server:-:*:*:*:*:*:*:*
hpecloudline_cl5800_gen10_server_firmware1.08.0.0cpe:2.3:o:hpe:cloudline_cl5800_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
hpecloudline_cl5800_gen10_server-cpe:2.3:h:hpe:cloudline_cl5800_gen10_server:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hpe	cloudline_cl3100_gen10_server_firmware	1.08.0.0	cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.08.0.0:::::::*
hpe	cloudline_cl3100_gen10_server_firmware	1.10.0.0	cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.10.0.0:::::::*
hpe	cloudline_cl3100_gen10_server	-	cpe:2.3:h:hpe:cloudline_cl3100_gen10_server:-:::::::*
hpe	cloudline_cl4100_gen10_server_firmware	1.08.0.0	cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.08.0.0:::::::*
hpe	cloudline_cl4100_gen10_server_firmware	1.10.0.0	cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.10.0.0:::::::*
hpe	cloudline_cl4100_gen10_server	-	cpe:2.3:h:hpe:cloudline_cl4100_gen10_server:-:::::::*
hpe	cloudline_cl5200_gen9_server_firmware	1.07.0.0	cpe:2.3:o:hpe:cloudline_cl5200_gen9_server_firmware:1.07.0.0:::::::*
hpe	cloudline_cl5200_gen9_server	-	cpe:2.3:h:hpe:cloudline_cl5200_gen9_server:-:::::::*
hpe	cloudline_cl5800_gen10_server_firmware	1.08.0.0	cpe:2.3:o:hpe:cloudline_cl5800_gen10_server_firmware:1.08.0.0:::::::*
hpe	cloudline_cl5800_gen10_server	-	cpe:2.3:h:hpe:cloudline_cl5800_gen10_server:-:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Version. 1.09.0.0"
      },
      {
        "status": "affected",
        "version": "Version 1.07.0.0"
      },
      {
        "status": "affected",
        "version": "Version 1.10.0.0"
      },
      {
        "status": "affected",
        "version": "Version  1.10.0.0"
      },
      {
        "status": "affected",
        "version": "Version 1.08.0.0"
      }
    ]
  }
]

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04073en_us

Social References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2021-25133