Vulnerability vector:
- Base vulnerability score (CVSSv3.1): CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity (CVSSv3.1): 7.2 (high)
- Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
- Severity (CVSSv4.0): 8.6 (high)
Description:
The vulnerability was identified in HPE iLO Amplifier Pack versions prior to 2.12.
These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability.
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 16.02.2022
Recommendations:
- Update to version 2.12
Additional information: Security Bulletin
Researcher: Nikita Abramov (Positive Technologies)
Identifiers:
CVE-2021-29220
BDU:2022-05030
Vendor:
HP Inc.
Vulnerable product:
HPE iLO Amplifier Pack
Vulnerable versions:
prior to 2.12