Denial of Service Vulnerability in HPE Superdome Flex Server
CVE-2021-26581

6.5MEDIUM

Key Information:

Vendor: HP
Status: HP Superdome Flex Server
Vendor: CVE Published:; 1 April 2021

Summary

A potential denial of service vulnerability exists in HPE Superdome Flex servers that allows an attacker to remotely exploit the BMC web interface. This exploitation can lead to hung connections, necessitating a reboot of the monarch BMC for recovery. The issue is specifically related to the BMC management system, while other BMC features remain unaffected. HPE has provided software updates that address this vulnerability, urging users to upgrade to Firmware 3.30.142 or later to ensure system resilience.

Affected Version(s)

HPE Superdome Flex Server Prior to version 3.30.142

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2021
Vulnerability Reserved
Feb 2, 2021