Vulnerabilities > CVE-2021-29213 - Unspecified vulnerability in HPE products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

hpe

NVD

Published: 2021-11-01

Updated: 2021-11-02

Summary

A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity.

Vulnerable Configurations

Part	Description	Count
OS	Hpe HPE Proliant Microserver Gen10 Plus Firmware * HPE Proliant Ml30 Gen10 Server Firmware * HPE Proliant Dl20 Gen10 Server Firmware *	3
Hardware	Hpe HPE Proliant Microserver Gen10 Plus - HPE Proliant Ml30 Gen10 Server - HPE Proliant Dl20 Gen10 Server -	3

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04197en_us