CVE-2021-29212

Опубликовано: 01 нояб. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.

Ссылки

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04189en_us
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1278/
Third Party Advisory
VDB Entry
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04189en_us
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1278/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hp:ilo_amplifier_pack:1.80:*:*:*:*:*:*:*

cpe:2.3:a:hp:ilo_amplifier_pack:1.81:*:*:*:*:*:*:*

cpe:2.3:a:hp:ilo_amplifier_pack:1.90:*:*:*:*:*:*:*

cpe:2.3:a:hp:ilo_amplifier_pack:1.95:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.16991

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-fxcx-w2c4-vqh5

github

больше 3 лет назад