CVE-2021-29202

EPSS 0.07%
Veröffentlicht 25.05.2021 14:15:07
Zuletzt bearbeitet 21.11.2024 06:00:48
Quelle security-alert@hpe.com
Teams Watchlist Login
Unerledigt Login

A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hp ≫ Integrated Lights-out 4 Version < 2.78

Hp ≫ Simplivity 380 Gen9 Version-

Hp ≫ Integrated Lights-out 5 Version < 2.44

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.182

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04134en_us

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-29202

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29202

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29202

EUVD