CVE-2021-42774

Name of the Vulnerable Software and Affected Versions Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 Broadcom Emulex HBA Manager/One Command Manager versions before 12.8.542.31

Description The issue is related to a buffer overflow vulnerability in the remote firmware download feature. This could allow remote unauthenticated users to perform various attacks, particularly when the software is not installed in Strictly Local Management mode. In non-secure mode, users are considered unauthenticated.

Recommendations For versions before 11.4.425.0, update to version 11.4.425.0 or later to resolve the issue. For versions before 12.8.542.31, update to version 12.8.542.31 or later to resolve the issue. As a temporary workaround, consider installing the software in Strictly Local Management mode to minimize the risk of exploitation.