CVE-2021-42775

3 documents3 sources
Severity
9.1CRITICAL
EPSS
0.5%
top 35.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Broadcom Emulex HBA Manager
Timeline
PublishedNov 12
Latest updateMay 24

Description

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

NVDbroadcom/emulex_hba_manager11.0.011.4.425.0+1

🔴Vulnerability Details

2
GHSA
GHSA-3wxv-8cx4-wg98: Broadcom Emulex HBA Manager/One Command Manager versions before 112022-05-24
CVEList
CVE-2021-42775: Broadcom Emulex HBA Manager/One Command Manager versions before 112021-11-12
CVE-2021-42775 (CRITICAL CVSS 9.1) | Broadcom Emulex HBA Manager/One Com | cvebase.io