SB2023032421 - Multiple vulnerabilities in HPE Edgeline EL300 Converged Edge Systems

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Observable discrepancy (CVE-ID: CVE-2020-24512)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to observable timing discrepancy. A local user can gain unauthorized access to sensitive information on the system.

2) Race condition (CVE-ID: CVE-2020-8670)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the firmware . A local administrator can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

3) Out-of-bounds read (CVE-ID: CVE-2020-24506)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in a subsystem. A local administrator can trigger out-of-bounds read error and read contents of memory on the system.

4) Information disclosure (CVE-ID: CVE-2020-24507)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to improper initialization in a subsystem. A local administrator can gain unauthorized access to sensitive information on the system.

5) Race condition (CVE-ID: CVE-2020-8704)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in subsystem. A local administrator can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04205en_us