PT-2020-19397 · Hewlett Packard · Supplemental Update / Online Rom Flash Component For Linux+1

Published

2020-04-27

Updated

2021-07-21

CVE-2020-7135

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE Service Pack for ProLiant (SPP) versions 2018.06.0 through 2018.11.0 Supplemental Update / Online ROM Flash Component for Linux (x64) versions prior to 2019.03.0

Description A potential security issue has been identified in the disk drive firmware installers on HPE servers running Linux. The installer in the vulnerable software component could be locally exploited to execute arbitrary code.

Recommendations For HPE Service Pack for ProLiant (SPP) versions 2018.06.0 through 2018.11.0, update to the 2019 03 SPP or later. For Supplemental Update / Online ROM Flash Component for Linux (x64) versions prior to 2019.03.0, update to a version after 2019.03.0.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-7135

Affected Products

Hpe Service Pack For Proliant

Supplemental Update / Online Rom Flash Component For Linux

PT-2020-19397 · Hewlett Packard · Supplemental Update / Online Rom Flash Component For Linux+1

CVE-2020-7135

Related Identifiers

Affected Products

References · 3