Local Elevation of Privilege in HPE Superdome Flex RMC Component
CVE-2020-7137

6.7MEDIUM

Key Information:

Vendor: HP
Status: HP Superdome Flex Server
Vendor: CVE Published:; 19 May 2020

What is CVE-2020-7137?

A validation issue in the RMC (Remote Management Controller) component of HPE Superdome Flex may allow an attacker with local access to elevate their privileges on the system. This vulnerability could enable unauthorized control over the system, emphasizing the importance of applying the latest server updates. To mitigate this risk, users should upgrade to HPE Superdome Flex Server version 3.25.46 or later.

Affected Version(s)

HPE Superdome Flex Server Prior to 3.25.46 (12 May 2020)

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2020
Vulnerability Reserved
Jan 16, 2020