PT-2022-11: Remote Buffer Overflow in HPE iLO Amplifier Pack

HIGH

(8.6) CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

THREATSCAPE

Analytics articles

What are the security threats on your network?

Check your traffic-for free

Request pilot

Vulnerability vector:

Base vulnerability score (CVSSv3.1): CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity (CVSSv3.1): 7.2 (high)
Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Severity (CVSSv4.0): 8.6 (high)

Description:

The vulnerability was identified in HPE iLO Amplifier Pack versions prior to 2.12.

These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability.

Vulnerability status: Confirmed by vendor

Date of vulnerability remediation: 16.02.2022

Recommendations:

Update to version 2.12

Additional information: Security Bulletin

Researcher: Nikita Abramov (Positive Technologies)

Identifier:

CVE-2021-29220

BDU:2022-05030

Vendor:

HP Inc.

Vulnerable product:

HPE iLO Amplifier Pack

Vulnerable version:

prior to 2.12

Get in touch

Fill in the form and our specialists
will contact you shortly

General
questions

We're happy to answer any questions you may have.

Partnership

Join us in making the world a safer place.

Request a pilot

Test drive our solutions with a customized pilot program.