PT-2021-16440 · Hewlett Packard · HPE Apollo 70 System

Published 2021-02-08 · Updated 2021-02-10 · CVE-2021-25168

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: HPE Apollo 70 System versions prior to 3.0.14.0
Description: The issue is related to a local buffer overflow in the libifc.so webupdatecomponent function within the Baseboard Management Controller (BMC) firmware. This overflow can potentially be exploited.
Recommendations: For versions prior to 3.0.14.0, update the BMC firmware to version 3.0.14.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the webupdatecomponent function in the libifc.so library until the update can be applied.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2021-25168

Affected Products

HPE Apollo 70 System