CVE-2021-25124 | ByteOS Network

Vulnerability Details :

CVE-2021-25124

Assigner-hpe

Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0

Published At-29 Jan, 2021 | 18:06

Updated At-03 Aug, 2024 | 19:56

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:hpe

Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0

Published At:29 Jan, 2021 | 18:06

Updated At:03 Aug, 2024 | 19:56

▼CVE Numbering Authority (CNA)

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.

Affected Products

Vendor

Product

HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server

Versions

Affected

Version. 1.09.0.0
Version 1.07.0.0
Version 1.10.0.0
Version 1.10.0.0
Version 1.08.0.0

Problem Types

Type	CWE ID	Description
text	N/A	local spx_restservice deletevideo_func function path traversal

Type: text

CWE ID: N/A

Description: local spx_restservice deletevideo_func function path traversal

References

Hyperlink	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04073en_us	x_refsource_MISC

Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04073en_us

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04073en_us	x_refsource_MISC x_transferred

Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04073en_us

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

Source:security-alert@hpe.com

Published At:29 Jan, 2021 | 19:15

Updated At:30 Jan, 2021 | 04:18

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.2

Base severity: HIGH

Vector:

AV:L/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Hewlett Packard Enterprise (HPE)

>>cloudline_cl3100_gen10_server>>-

cpe:2.3:h:hpe:cloudline_cl3100_gen10_server:-:*:*:*:*:*:*:*

Hewlett Packard Enterprise (HPE)

>>cloudline_cl3100_gen10_server_firmware>>1.08.0.0

cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*

Hewlett Packard Enterprise (HPE)

>>cloudline_cl3100_gen10_server_firmware>>1.10.0.0

cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.10.0.0:*:*:*:*:*:*:*

Hewlett Packard Enterprise (HPE)

>>cloudline_cl4100_gen10_server>>-

cpe:2.3:h:hpe:cloudline_cl4100_gen10_server:-:*:*:*:*:*:*:*

Hewlett Packard Enterprise (HPE)

>>cloudline_cl4100_gen10_server_firmware>>1.08.0.0

cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*

Hewlett Packard Enterprise (HPE)

>>cloudline_cl4100_gen10_server_firmware>>1.10.0.0

cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.10.0.0:*:*:*:*:*:*:*

Hewlett Packard Enterprise (HPE)

>>cloudline_cl5200_gen9_server>>-

cpe:2.3:h:hpe:cloudline_cl5200_gen9_server:-:*:*:*:*:*:*:*

Hewlett Packard Enterprise (HPE)

>>cloudline_cl5200_gen9_server_firmware>>1.07.0.0

cpe:2.3:o:hpe:cloudline_cl5200_gen9_server_firmware:1.07.0.0:*:*:*:*:*:*:*

Hewlett Packard Enterprise (HPE)

>>cloudline_cl5800_gen10_server_firmware>>1.08.0.0

cpe:2.3:o:hpe:cloudline_cl5800_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*

Hewlett Packard Enterprise (HPE)

>>cloudline_cl5800_gen10_server>>-

cpe:2.3:h:hpe:cloudline_cl5800_gen10_server:-:*:*:*:*:*:*:*

Hewlett Packard Enterprise (HPE)

>>cloudline_cl5800_gen9_server_firmware>>1.09.0.0

cpe:2.3:o:hpe:cloudline_cl5800_gen9_server_firmware:1.09.0.0:*:*:*:*:*:*:*

Hewlett Packard Enterprise (HPE)

>>cloudline_cl5800_gen9_server>>-

cpe:2.3:h:hpe:cloudline_cl5800_gen9_server:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	nvd@nist.gov

CWE ID: CWE-22

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04073en_us	security-alert@hpe.com	Vendor Advisory

Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04073en_us

Source: security-alert@hpe.com

Resource:

Vendor Advisory