CVE-2021-29202 — Classic Buffer Overflow in HP Integrated Lights-out 4

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 73.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Integrated Lights-out 4 HP Integrated Lights-out 5

Timeline

PublishedMay 25

Latest updateMay 24

Description

A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhp/integrated_lights-out_4< 2.78

▶NVDhp/integrated_lights-out_5< 2.44

🔴Vulnerability Details

GHSA

GHSA-327f-g4v5-jjvp: A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO↗2022-05-24

▶

CVEList

CVE-2021-29202: A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO↗2021-05-25

▶