CVE-2021-42773

CWE-200Information Exposure3 documents3 sources
Severity
7.5HIGH
EPSS
0.3%
top 44.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Broadcom Emulex HBA Manager
Timeline
PublishedNov 12
Latest updateMay 24

Description

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDbroadcom/emulex_hba_manager11.0.011.4.425.0+1

🔴Vulnerability Details

2
GHSA
GHSA-487f-h6j7-w985: Broadcom Emulex HBA Manager/One Command Manager versions before 112022-05-24
CVEList
CVE-2021-42773: Broadcom Emulex HBA Manager/One Command Manager versions before 112021-11-12
CVE-2021-42773 (HIGH CVSS 7.5) | Broadcom Emulex HBA Manager/One Com | cvebase.io