CVE-2021-29203

nvd nist nuclei

Published: May 6, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.

Affected (1)

Products: Hp: Edgeline Infrastructure Manager

1 product

Edgeline Infrastructure Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hp Edgeline Infrastructure Manager	Before 1.22

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04124en_us

Source: security-alert@hpe.com

Vendor Advisory

https://www.tenable.com/security/research/tra-2021-15

Source: security-alert@hpe.com

ExploitThird Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04124en_us

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tenable.com/security/research/tra-2021-15

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.