Vulnerability Details : CVE-2021-29203
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.
Vulnerability category: Denial of service
Products affected by CVE-2021-29203
- cpe:2.3:a:hp:edgeline_infrastructure_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-29203
94.85%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-29203
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2021-29203
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-29203
-
https://www.tenable.com/security/research/tra-2021-15
HPE Edgeline Infrastructure Manager v1.21 Authentication Bypass - Research Advisory | TenableĀ®Exploit;Third Party Advisory
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04124en_us
HPESBGN04124 rev.1 - HPE Edgeline Infrastructure Manager, Remote Authentication BypassVendor Advisory
Jump to