Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 9 |
CVE-ID | CVE-2023-20578, CVE-2021-26344, CVE-2023-20591, CVE-2023-20584, CVE-2021-46746, CVE-2023-31356, CVE-2021-26387, CVE-2021-46772, CVE-2023-20518 |
CWE-ID | CWE-367, CWE-787, CWE-665, CWE-20, CWE-121, CWE-459, CWE-284 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software (all in category Hardware solutions / Firmware) |
HPE Gen10 BIOS
HPE Gen10 Plus BIOS
HPE Gen11 BIOS
HPE ProLiant DL385 Gen11 Server
HPE ProLiant DL365 Gen11 Server
HPE ProLiant DL345 Gen11 Server
HPE ProLiant DL325 Gen11 Server
HPE ProLiant DL385 Gen10 Plus v2 server
HPE ProLiant DL385 Gen10 Plus server
HPE ProLiant DL385 Gen10 Server
HPE ProLiant DL345 Gen10 Plus server
HPE ProLiant DL365 Gen10 Plus server
HPE ProLiant DL325 Gen10 Plus v2 server
HPE ProLiant DL325 Gen10 Plus server
HPE ProLiant DL325 Gen10 Server
Vendor | HPE |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
EUVDB-ID: #VU97943
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-20578
CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper handling of certain special address ranges with invalid device table entries (DTEs). A local user can induce DTE faults to bypass RMP checks in SEV-SNP.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
HPE Gen10 BIOS: before 2.84_09-07-2023
HPE Gen10 Plus BIOS: before 2.84_08-17-2023
HPE Gen11 BIOS: before 1.58_01-04-2024
HPE ProLiant DL385 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL365 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL345 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL325 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Server: before 2.84_09-07-2023
HPE ProLiant DL345 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL365 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Server: before 2.84_09-07-2023
Reference: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04684en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97944
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-26344
CWE-ID: CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing the AMD PSP1 Configuration Block (APCB). A local user can trigger an out-of-bounds write, modify the APCB block and execute arbitrary code on the target system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
HPE Gen10 BIOS: before 2.84_09-07-2023
HPE Gen10 Plus BIOS: before 2.84_08-17-2023
HPE Gen11 BIOS: before 1.58_01-04-2024
HPE ProLiant DL385 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL365 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL345 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL325 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Server: before 2.84_09-07-2023
HPE ProLiant DL345 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL365 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Server: before 2.84_09-07-2023
Reference: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04684en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97945
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-20591
CWE-ID: CWE-665 - Improper Initialization
Exploit availability: No
Description
The vulnerability allows a malicious guest to compromise the affected system.
The vulnerability exists due to improper initialization of IOMMU during the DRTM event. A malicious guest can read or modify hypervisor memory.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
HPE Gen10 BIOS: before 2.84_09-07-2023
HPE Gen10 Plus BIOS: before 2.84_08-17-2023
HPE Gen11 BIOS: before 1.58_01-04-2024
HPE ProLiant DL385 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL365 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL345 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL325 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Server: before 2.84_09-07-2023
HPE ProLiant DL345 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL365 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Server: before 2.84_09-07-2023
Reference: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04684en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97948
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-20584
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of special address ranges with invalid device table entries (DTEs) in IOMMU. A local user can induce DTE faults to bypass RMP checks in SEV-SNP.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
HPE Gen10 BIOS: before 2.84_09-07-2023
HPE Gen10 Plus BIOS: before 2.84_08-17-2023
HPE Gen11 BIOS: before 1.58_01-04-2024
HPE ProLiant DL385 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL365 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL345 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL325 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Server: before 2.84_09-07-2023
HPE ProLiant DL345 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL365 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Server: before 2.84_09-07-2023
Reference: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04684en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97949
Risk: Low
CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46746
CWE-ID: CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ASP Secure OS Trusted Execution Environment (TEE). A local privileged user with access to AMD signing keys can trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
HPE Gen10 BIOS: before 2.84_09-07-2023
HPE Gen10 Plus BIOS: before 2.84_08-17-2023
HPE Gen11 BIOS: before 1.58_01-04-2024
HPE ProLiant DL385 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL365 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL345 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL325 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Server: before 2.84_09-07-2023
HPE ProLiant DL345 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL365 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Server: before 2.84_09-07-2023
Reference: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04684en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97951
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-31356
CWE-ID: CWE-459 - Incomplete cleanup
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incomplete system memory cleanup in SEV firmware. A local privileged user can corrupt guest private memory.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
HPE Gen10 BIOS: before 2.84_09-07-2023
HPE Gen10 Plus BIOS: before 2.84_08-17-2023
HPE Gen11 BIOS: before 1.58_01-04-2024
HPE ProLiant DL385 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL365 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL345 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL325 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Server: before 2.84_09-07-2023
HPE ProLiant DL345 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL365 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Server: before 2.84_09-07-2023
Reference: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04684en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97952
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-26387
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in ASP kernel. A local privileged user with access to AMD signing keys and the BIOS menu or UEFI shell can map DRAM regions in protected areas.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
HPE Gen10 BIOS: before 2.84_09-07-2023
HPE Gen10 Plus BIOS: before 2.84_08-17-2023
HPE Gen11 BIOS: before 1.58_01-04-2024
HPE ProLiant DL385 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL365 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL345 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL325 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Server: before 2.84_09-07-2023
HPE ProLiant DL345 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL365 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Server: before 2.84_09-07-2023
Reference: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04684en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97953
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46772
CWE-ID: CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in the ABL. A local privileged user with access to the BIOS menu or UEFI shell can tamper with the structure headers in SPI ROM and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
HPE Gen10 BIOS: before 2.84_09-07-2023
HPE Gen10 Plus BIOS: before 2.84_08-17-2023
HPE Gen11 BIOS: before 1.58_01-04-2024
HPE ProLiant DL385 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL365 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL345 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL325 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Server: before 2.84_09-07-2023
HPE ProLiant DL345 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL365 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Server: before 2.84_09-07-2023
Reference: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04684en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97954
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-20518
CWE-ID: CWE-459 - Incomplete cleanup
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incomplete cleanup in the ASP. A local privileged user with access to the BIOS menu or UEFI shell can obtain the Master Encryption Key (MEK).
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
HPE Gen10 BIOS: before 2.84_09-07-2023
HPE Gen10 Plus BIOS: before 2.84_08-17-2023
HPE Gen11 BIOS: before 1.58_01-04-2024
HPE ProLiant DL385 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL365 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL345 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL325 Gen11 Server: before 1.58_01-04-2024
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL385 Gen10 Server: before 2.84_09-07-2023
HPE ProLiant DL345 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL365 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Plus server: before 2.84_08-17-2023
HPE ProLiant DL325 Gen10 Server: before 2.84_09-07-2023
Reference: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04684en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.