Buffer overflow in Apollo 70 System - CVE-2021-26570

 

Buffer overflow in Apollo 70 System - CVE-2021-26570

Published: March 23, 2021


Vulnerability identifier: #VU51638
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-26570
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Hewlett Packard Enterprise Development LP
Affected software:
Apollo 70 System

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the Baseboard Management Controller (BMC) firmwares in "libifc.so" webifc_setadconfig function. A local user can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


How to mitigate CVE-2021-26570

Install updates from vendor's website.

Sources