Published On: Aug 16, 2024 18:36
Advisory No: TZCERT-SA-24-0008
Source: HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, HPE Compute Edge Server
Software Affected: HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, HPE Compute Edge Server
HPE ProLiant DL/ML/SY/XL, Alletra Servers, HPE Synergy, HPE Edgeline, and HPE Compute Edge Server are vulnerable to critical severity vulnerability. The attackers can leverage the vulnerability to cause a buffer overflow.
The critical-severity vulnerability affecting several HP products has a CVSS score of 9.8 and is tracked as CVE-2021-38578. The vulnerability results from existing CommBuffer checks in SmmEntryPoint not catching underflow when computing BufferSize. Successful exploitation of this vulnerability could allow the attacker to cause a buffer overflow which may lead to code execution of the affected device.
Successful exploitation of this vulnerability may allow an attacker to take control of the vulnerable system
HP has released security patches to address the vulnerability. Users and administrators are encouraged to apply necessary updates.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.