CVE-2021-42774

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
9.8CRITICAL
EPSS
1.1%
top 21.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Broadcom Emulex HBA Manager
Timeline
PublishedNov 12
Latest updateMay 24

Description

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDbroadcom/emulex_hba_manager11.0.011.4.425.0+1

🔴Vulnerability Details

2
GHSA
GHSA-mr9f-f2w7-mmmf: Broadcom Emulex HBA Manager/One Command Manager versions before 112022-05-24
CVEList
CVE-2021-42774: Broadcom Emulex HBA Manager/One Command Manager versions before 112021-11-12
CVE-2021-42774 (CRITICAL CVSS 9.8) | Broadcom Emulex HBA Manager/One Com | cvebase.io