CVE-2021-25131

Name of the Vulnerable Software and Affected Versions: HPE Cloudline CL5800 Gen9 Server HPE Cloudline CL5200 Gen9 Server HPE Cloudline CL4100 Gen10 Server HPE Cloudline CL3100 Gen10 Server HPE Cloudline CL5800 Gen10 Server

Description: The Baseboard Management Controller (BMC) in the affected HPE Cloudline servers has a local buffer overflow in the setfwimagelocation func function of spx restservice. This issue may be exploited locally.

Recommendations: For HPE Cloudline CL5800 Gen9 Server, consider disabling the setfwimagelocation func function until a patch is available. For HPE Cloudline CL5200 Gen9 Server, consider disabling the setfwimagelocation func function until a patch is available. For HPE Cloudline CL4100 Gen10 Server, consider disabling the setfwimagelocation func function until a patch is available. For HPE Cloudline CL3100 Gen10 Server, consider disabling the setfwimagelocation func function until a patch is available. For HPE Cloudline CL5800 Gen10 Server, consider disabling the setfwimagelocation func function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.