High severity vulnerabilities in HPE ProLiant and HPE Edgeline Servers Using BIOS (PixieFail) (CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235, CVE-2021-38575)

Published On: May 31, 2024 19:20

Advisory No: TZCERT/SA/2024/05/31-2

Source: Hewlett-Packard (HP)

Software Affected:  Servers

Overview

Description

Advisory No: TZCERT/SA/2024/05/31-2

Date of First Release: 31st May 2024

Source: Hewlett-Packard (HP)

Software Affected:  Servers

Overview:

HPE ProLiant and HPE Edgeline Servers are vulnerable to multiple high severity vulnerabilities. The attackers can leverage the vulnerabilities to take control of the affected system.

Description:

The five high-severity vulnerabilities among other vulnerabilities affecting the HPE ProLiant and Edgeline servers are tracked as CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235 and CVE-2021-38575. These vulnerabilities could be remotely exploited to allow remote code execution, denial of service, information disclosure and local unauthorized access.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the vulnerable system

Solution:

HP has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04593en_us&docLocale=en_US

Impact

Solution

References

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident