CVE-2021-29213
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server’s system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| hpe:proliant_microserver_gen10_plus_firmware | hpe proliant microserver gen10 plus firmware | lt | 2.52 |
CNA Affected
[
{
"product": "HPE ProLiant ML30 Gen10 Server; HPE ProLiant DL20 Gen10 Server; HPE ProLiant MicroServer Gen10 Plus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to system ROM v2.52"
}
]
}
]Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%