Multiple vulnerabilities in Certain HPE Storage Products using Certain Intel Processor BIOS



Published: 2023-03-21
Risk Low
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2021-0154
CVE-2021-0153
CVE-2021-33123
CVE-2021-0190
CVE-2021-33122
CVE-2021-0189
CVE-2021-33124
CVE-2021-33103
CVE-2021-0159
CVE-2021-0188
CVE-2021-0155
CWE-ID CWE-20
CWE-787
CWE-284
CWE-248
CWE-691
CWE-823
CWE-441
CWE-466
CWE-252
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
StoreVirtual 3000 Storage
Hardware solutions / Firmware

HPE StoreEasy 3850 Gateway Storage Blade
Hardware solutions / Firmware

HPE StoreEasy 3850 Gateway Storage
Hardware solutions / Firmware

HPE StoreEasy 1850 Storage
Hardware solutions / Firmware

HPE StoreEasy 1650 Storage
Hardware solutions / Firmware

HPE StoreEasy 1650 Expanded Storage
Hardware solutions / Firmware

HPE StoreEasy 1550 Storage
Hardware solutions / Firmware

HPE StoreEasy 1450 Storage
Hardware solutions / Firmware

HPE 3PAR StoreServ File Controller v3 System
Hardware solutions / Firmware

HPE 3PAR StoreServ File Controller
Hardware solutions / Firmware

HPE Storage Performance File Controller
Hardware solutions / Firmware

HPE Storage File Controller
Hardware solutions / Firmware

HPE StoreEasy 1860 Storage
Hardware solutions / Firmware

HPE StoreEasy 1860 Performance Storage
Hardware solutions / Firmware

HPE StoreEasy 1660 Storage
Hardware solutions / Firmware

HPE StoreEasy 1660 Performance Storage
Hardware solutions / Firmware

HPE StoreEasy 1660 Expanded Storage
Hardware solutions / Firmware

HPE StoreEasy 1560 Storage
Hardware solutions / Firmware

HPE StoreEasy 1460 Storage
Hardware solutions / Firmware

Vendor HPE

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU63081

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0154

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the BIOS firmware. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

StoreVirtual 3000 Storage: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage Blade: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage: before 2.96_05_17_2022

HPE StoreEasy 1850 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Expanded Storage: before 2.96_05_17_2022

HPE StoreEasy 1550 Storage: before 2.96_05_17_2022

HPE StoreEasy 1450 Storage: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller v3 System: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller: before 2.96_05_17_2022

HPE Storage Performance File Controller: before 2.66_05_17_2022

HPE Storage File Controller: before 2.66_05_17_2022

HPE StoreEasy 1860 Storage: before 2.66_05_17_2022

HPE StoreEasy 1860 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Expanded Storage: before 2.66_05_17_2022

HPE StoreEasy 1560 Storage: before 2.66_05_17_2022

HPE StoreEasy 1460 Storage: before 2.66_05_17_2022

CPE2.3
External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04294en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU63082

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0153

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the BIOS firmware. A local user can  run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

StoreVirtual 3000 Storage: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage Blade: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage: before 2.96_05_17_2022

HPE StoreEasy 1850 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Expanded Storage: before 2.96_05_17_2022

HPE StoreEasy 1550 Storage: before 2.96_05_17_2022

HPE StoreEasy 1450 Storage: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller v3 System: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller: before 2.96_05_17_2022

HPE Storage Performance File Controller: before 2.66_05_17_2022

HPE Storage File Controller: before 2.66_05_17_2022

HPE StoreEasy 1860 Storage: before 2.66_05_17_2022

HPE StoreEasy 1860 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Expanded Storage: before 2.66_05_17_2022

HPE StoreEasy 1560 Storage: before 2.66_05_17_2022

HPE StoreEasy 1460 Storage: before 2.66_05_17_2022

CPE2.3
External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04294en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU63083

Risk: Low

CVSSv3.1: 6.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33123

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system

The vulnerability exists due to improper access restrictions in the BIOS authenticated code module. A local user can obtain elevated privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

StoreVirtual 3000 Storage: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage Blade: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage: before 2.96_05_17_2022

HPE StoreEasy 1850 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Expanded Storage: before 2.96_05_17_2022

HPE StoreEasy 1550 Storage: before 2.96_05_17_2022

HPE StoreEasy 1450 Storage: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller v3 System: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller: before 2.96_05_17_2022

HPE Storage Performance File Controller: before 2.66_05_17_2022

HPE Storage File Controller: before 2.66_05_17_2022

HPE StoreEasy 1860 Storage: before 2.66_05_17_2022

HPE StoreEasy 1860 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Expanded Storage: before 2.66_05_17_2022

HPE StoreEasy 1560 Storage: before 2.66_05_17_2022

HPE StoreEasy 1460 Storage: before 2.66_05_17_2022

CPE2.3
External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04294en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Uncaught Exception

EUVDB-ID: #VU63099

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0190

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncaught exception in the BIOS firmware. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

StoreVirtual 3000 Storage: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage Blade: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage: before 2.96_05_17_2022

HPE StoreEasy 1850 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Expanded Storage: before 2.96_05_17_2022

HPE StoreEasy 1550 Storage: before 2.96_05_17_2022

HPE StoreEasy 1450 Storage: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller v3 System: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller: before 2.96_05_17_2022

HPE Storage Performance File Controller: before 2.66_05_17_2022

HPE Storage File Controller: before 2.66_05_17_2022

HPE StoreEasy 1860 Storage: before 2.66_05_17_2022

HPE StoreEasy 1860 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Expanded Storage: before 2.66_05_17_2022

HPE StoreEasy 1560 Storage: before 2.66_05_17_2022

HPE StoreEasy 1460 Storage: before 2.66_05_17_2022

CPE2.3
External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04294en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Insufficient Control Flow Management

EUVDB-ID: #VU63175

Risk: Low

CVSSv3.1: 6.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33122

CWE-ID: CWE-691 - Insufficient Control Flow Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient control flow management in the BIOS firmware. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

StoreVirtual 3000 Storage: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage Blade: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage: before 2.96_05_17_2022

HPE StoreEasy 1850 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Expanded Storage: before 2.96_05_17_2022

HPE StoreEasy 1550 Storage: before 2.96_05_17_2022

HPE StoreEasy 1450 Storage: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller v3 System: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller: before 2.96_05_17_2022

HPE Storage Performance File Controller: before 2.66_05_17_2022

HPE Storage File Controller: before 2.66_05_17_2022

HPE StoreEasy 1860 Storage: before 2.66_05_17_2022

HPE StoreEasy 1860 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Expanded Storage: before 2.66_05_17_2022

HPE StoreEasy 1560 Storage: before 2.66_05_17_2022

HPE StoreEasy 1460 Storage: before 2.66_05_17_2022

CPE2.3
External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04294en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of Out-of-range Pointer Offset

EUVDB-ID: #VU63176

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0189

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to use of out-of-range pointer offset in the BIOS firmware. A local user can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

StoreVirtual 3000 Storage: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage Blade: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage: before 2.96_05_17_2022

HPE StoreEasy 1850 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Expanded Storage: before 2.96_05_17_2022

HPE StoreEasy 1550 Storage: before 2.96_05_17_2022

HPE StoreEasy 1450 Storage: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller v3 System: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller: before 2.96_05_17_2022

HPE Storage Performance File Controller: before 2.66_05_17_2022

HPE Storage File Controller: before 2.66_05_17_2022

HPE StoreEasy 1860 Storage: before 2.66_05_17_2022

HPE StoreEasy 1860 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Expanded Storage: before 2.66_05_17_2022

HPE StoreEasy 1560 Storage: before 2.66_05_17_2022

HPE StoreEasy 1460 Storage: before 2.66_05_17_2022

CPE2.3
External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04294en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

EUVDB-ID: #VU63177

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33124

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the BIOS authenticated code module. A local user can run a specially crafted program to trigger an out-of-bounds write error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

StoreVirtual 3000 Storage: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage Blade: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage: before 2.96_05_17_2022

HPE StoreEasy 1850 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Expanded Storage: before 2.96_05_17_2022

HPE StoreEasy 1550 Storage: before 2.96_05_17_2022

HPE StoreEasy 1450 Storage: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller v3 System: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller: before 2.96_05_17_2022

HPE Storage Performance File Controller: before 2.66_05_17_2022

HPE Storage File Controller: before 2.66_05_17_2022

HPE StoreEasy 1860 Storage: before 2.66_05_17_2022

HPE StoreEasy 1860 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Expanded Storage: before 2.66_05_17_2022

HPE StoreEasy 1560 Storage: before 2.66_05_17_2022

HPE StoreEasy 1460 Storage: before 2.66_05_17_2022

CPE2.3
External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04294en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Unintended proxy or intermediary

EUVDB-ID: #VU63178

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33103

CWE-ID: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to presence of an unintended proxy in the BIOS authenticated code module. A local user can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

StoreVirtual 3000 Storage: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage Blade: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage: before 2.96_05_17_2022

HPE StoreEasy 1850 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Expanded Storage: before 2.96_05_17_2022

HPE StoreEasy 1550 Storage: before 2.96_05_17_2022

HPE StoreEasy 1450 Storage: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller v3 System: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller: before 2.96_05_17_2022

HPE Storage Performance File Controller: before 2.66_05_17_2022

HPE Storage File Controller: before 2.66_05_17_2022

HPE StoreEasy 1860 Storage: before 2.66_05_17_2022

HPE StoreEasy 1860 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Expanded Storage: before 2.66_05_17_2022

HPE StoreEasy 1560 Storage: before 2.66_05_17_2022

HPE StoreEasy 1460 Storage: before 2.66_05_17_2022

CPE2.3
External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04294en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU63179

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0159

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the BIOS authenticated code module. A local user can pass specially crafted data to the affected module and execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

StoreVirtual 3000 Storage: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage Blade: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage: before 2.96_05_17_2022

HPE StoreEasy 1850 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Expanded Storage: before 2.96_05_17_2022

HPE StoreEasy 1550 Storage: before 2.96_05_17_2022

HPE StoreEasy 1450 Storage: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller v3 System: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller: before 2.96_05_17_2022

HPE Storage Performance File Controller: before 2.66_05_17_2022

HPE Storage File Controller: before 2.66_05_17_2022

HPE StoreEasy 1860 Storage: before 2.66_05_17_2022

HPE StoreEasy 1860 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Expanded Storage: before 2.66_05_17_2022

HPE StoreEasy 1560 Storage: before 2.66_05_17_2022

HPE StoreEasy 1460 Storage: before 2.66_05_17_2022

CPE2.3
External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04294en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Return of pointer value outside of expected range

EUVDB-ID: #VU63180

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0188

CWE-ID: CWE-466 - Return of pointer value outside of expected range

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary error in the BIOS firmware. A local user can force the firmware to return pointer value outside of expected range and gain access to potentially sensitive information.


Mitigation

Install update from vendor's website.

Vulnerable software versions

StoreVirtual 3000 Storage: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage Blade: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage: before 2.96_05_17_2022

HPE StoreEasy 1850 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Expanded Storage: before 2.96_05_17_2022

HPE StoreEasy 1550 Storage: before 2.96_05_17_2022

HPE StoreEasy 1450 Storage: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller v3 System: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller: before 2.96_05_17_2022

HPE Storage Performance File Controller: before 2.66_05_17_2022

HPE Storage File Controller: before 2.66_05_17_2022

HPE StoreEasy 1860 Storage: before 2.66_05_17_2022

HPE StoreEasy 1860 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Expanded Storage: before 2.66_05_17_2022

HPE StoreEasy 1560 Storage: before 2.66_05_17_2022

HPE StoreEasy 1460 Storage: before 2.66_05_17_2022

CPE2.3
External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04294en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Unchecked Return Value

EUVDB-ID: #VU63181

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0155

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to unchecked return value in the BIOS firmware. A local user can gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

StoreVirtual 3000 Storage: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage Blade: before 2.96_05_17_2022

HPE StoreEasy 3850 Gateway Storage: before 2.96_05_17_2022

HPE StoreEasy 1850 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Storage: before 2.96_05_17_2022

HPE StoreEasy 1650 Expanded Storage: before 2.96_05_17_2022

HPE StoreEasy 1550 Storage: before 2.96_05_17_2022

HPE StoreEasy 1450 Storage: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller v3 System: before 2.96_05_17_2022

HPE 3PAR StoreServ File Controller: before 2.96_05_17_2022

HPE Storage Performance File Controller: before 2.66_05_17_2022

HPE Storage File Controller: before 2.66_05_17_2022

HPE StoreEasy 1860 Storage: before 2.66_05_17_2022

HPE StoreEasy 1860 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Performance Storage: before 2.66_05_17_2022

HPE StoreEasy 1660 Expanded Storage: before 2.66_05_17_2022

HPE StoreEasy 1560 Storage: before 2.66_05_17_2022

HPE StoreEasy 1460 Storage: before 2.66_05_17_2022

CPE2.3
External links

http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04294en_us


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###