#VU51638 Buffer overflow in Apollo 70 System - CVE-2021-26570
Published: March 23, 2021
Vulnerability identifier: #VU51638
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-26570
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Apollo 70 System
Apollo 70 System
Software vendor:
Hewlett Packard Enterprise Development LP
Hewlett Packard Enterprise Development LP
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Baseboard Management Controller (BMC) firmwares in "libifc.so" webifc_setadconfig function. A local user can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.