CVE-2021-25130

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2021-25130
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setactdir_func function.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04073en_us Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.10.0.0:*:*:*:*:*:*:*
cpe:2.3:h:hpe:cloudline_cl3100_gen10_server:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.10.0.0:*:*:*:*:*:*:*
cpe:2.3:h:hpe:cloudline_cl4100_gen10_server:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hpe:cloudline_cl5200_gen9_server_firmware:1.07.0.0:*:*:*:*:*:*:*
cpe:2.3:h:hpe:cloudline_cl5200_gen9_server:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:hpe:cloudline_cl5800_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
cpe:2.3:h:hpe:cloudline_cl5800_gen10_server:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:hpe:cloudline_cl5800_gen9_server_firmware:1.09.0.0:*:*:*:*:*:*:*
cpe:2.3:h:hpe:cloudline_cl5800_gen9_server:-:*:*:*:*:*:*:*
Information

Published : 2021-01-29 11:15

Updated : 2021-01-29 20:10

NVD link : CVE-2021-25130

Mitre link : CVE-2021-25130

JSON object : View

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Advertisement

dedicated server usa
Products Affected

hpe

  • cloudline_cl5800_gen9_server
  • cloudline_cl5200_gen9_server_firmware
  • cloudline_cl5800_gen10_server
  • cloudline_cl5200_gen9_server
  • cloudline_cl5800_gen10_server_firmware
  • cloudline_cl5800_gen9_server_firmware
  • cloudline_cl4100_gen10_server_firmware
  • cloudline_cl3100_gen10_server
  • cloudline_cl4100_gen10_server
  • cloudline_cl3100_gen10_server_firmware