Vulnerability Details CVE-2021-29212
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.155
EPSS Ranking 94.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04189en_us
- https://www.zerodayinitiative.com/advisories/ZDI-21-1278/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04189en_us
- https://www.zerodayinitiative.com/advisories/ZDI-21-1278/
Products affected by CVE-2021-29212
-
cpe:2.3:a:hp:ilo_amplifier_pack:1.80
-
cpe:2.3:a:hp:ilo_amplifier_pack:1.81
-
cpe:2.3:a:hp:ilo_amplifier_pack:1.90
-
cpe:2.3:a:hp:ilo_amplifier_pack:1.95