CVE-2021-26577

Name of the Vulnerable Software and Affected Versions HPE Apollo 70 System versions prior to 3.0.14.0

Description The issue concerns a local buffer overflow in the uploadsshkey function of libifc.so within the Baseboard Management Controller (BMC) firmware. This is a type of security flaw where more data is written to a buffer than it is designed to hold, which can cause the extra data to spill over into adjacent areas of memory, potentially leading to a crash or execution of malicious code. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For HPE Apollo 70 System versions prior to 3.0.14.0, update to version 3.0.14.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the uploadsshkey function in libifc.so until a patch is applied.