Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.
CPE | Name | Operator | Version |
---|---|---|---|
emulex_hba_manager | ge | 11.0.0 | |
emulex_hba_manager | lt | 11.4.425.0 | |
emulex_hba_manager | ge | 12.0.0 | |
emulex_hba_manager | lt | 12.8.542.31 |