PT-2021-18131 · Hewlett Packard · Hpe Ilo Amplifier Pack

Erik De Jong

Published

2021-11-01

Updated

2021-12-04

CVE-2021-29212

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90, and 1.95

Description: A remote unauthenticated directory traversal security issue has been identified. This issue could be remotely exploited to allow an unauthenticated user to run arbitrary code, leading to complete impact on confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.

Recommendations: For HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90, and 1.95, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-29212

ZDI-21-1278

Affected Products

Hpe Ilo Amplifier Pack

PT-2021-18131 · Hewlett Packard · Hpe Ilo Amplifier Pack

CVE-2021-29212

Weakness Enumeration

Related Identifiers

Affected Products

References · 6