Vulnerabilities > CVE-2021-29213 - Unspecified vulnerability in HPE products

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

hpe

NVD

Published: 2021-11-01

Updated: 2021-11-02

Summary

A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity.

Vulnerable Configurations

Part	Description	Count
OS	Hpe HPE Proliant Microserver Gen10 Plus Firmware * HPE Proliant Ml30 Gen10 Server Firmware * HPE Proliant Dl20 Gen10 Server Firmware *	3
Hardware	Hpe HPE Proliant Microserver Gen10 Plus - HPE Proliant Ml30 Gen10 Server - HPE Proliant Dl20 Gen10 Server -	3

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04197en_us