CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
30.6%
A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board.
Vendor | Product | Version | CPE |
---|---|---|---|
hp | apollo_2000 | - | cpe:2.3:h:hp:apollo_2000:-:*:*:*:*:*:*:* |
hp | apollo_2000_firmware | - | cpe:2.3:o:hp:apollo_2000_firmware:-:*:*:*:*:*:*:* |
hp | apollo_4200_gen10 | - | cpe:2.3:h:hp:apollo_4200_gen10:-:*:*:*:*:*:*:* |
hp | apollo_4200_gen10_firmware | - | cpe:2.3:o:hp:apollo_4200_gen10_firmware:-:*:*:*:*:*:*:* |
hp | apollo_4500 | - | cpe:2.3:h:hp:apollo_4500:-:*:*:*:*:*:*:* |
hp | apollo_4500_firmware | - | cpe:2.3:o:hp:apollo_4500_firmware:-:*:*:*:*:*:*:* |
hp | proliant_xl230k_gen10 | - | cpe:2.3:h:hp:proliant_xl230k_gen10:-:*:*:*:*:*:*:* |
hp | proliant_xl230k_gen10_firmware | - | cpe:2.3:o:hp:proliant_xl230k_gen10_firmware:-:*:*:*:*:*:*:* |
hp | proliant_xl270d_gen10 | - | cpe:2.3:h:hp:proliant_xl270d_gen10:-:*:*:*:*:*:*:* |
hp | proliant_xl270d_gen10_firmware | - | cpe:2.3:o:hp:proliant_xl270d_gen10_firmware:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
30.6%