High severity vulnerabilities in HPE ProLiant and HPE Edgeline Servers Using BIOS (PixieFail) (CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235, CVE-2021-38575)

Advisory No: TZCERT/SA/2024/05/31-2

Date of First Release: 31^st May 2024

Source: Hewlett-Packard (HP)

Software Affected:  Servers

Overview:

HPE ProLiant and HPE Edgeline Servers are vulnerable to multiple high severity vulnerabilities. The attackers can leverage the vulnerabilities to take control of the affected system.

Description:

The five high-severity vulnerabilities among other vulnerabilities affecting the HPE ProLiant and Edgeline servers are tracked as CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235 and CVE-2021-38575. These vulnerabilities could be remotely exploited to allow remote code execution, denial of service, information disclosure and local unauthorized access.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the vulnerable system

Solution:

HP has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

1. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04593en_us&docLocale=en_US