Buffer Overflow Vulnerability in Broadcom Emulex HBA Manager/One Command Manager
CVE-2021-42772

9.8CRITICAL

Key Information:

Vendor: Broadcom
Status: One Command Manager; Emulex Hba Manager
Vendor: CVE Published:; 3 November 2021

Summary

The Broadcom Emulex HBA Manager and One Command Manager are susceptible to a buffer overflow vulnerability that occurs when the remote GetDumpFile command is executed in non-secure mode. This situation allows unauthenticated users to exploit the vulnerability, potentially facilitating various attacks. To mitigate risk, it is critical for users to configure the software in Strictly Local Management mode and ensure they are using patched versions 11.4.425.0 or later and 12.8.542.31 or later.

References

https://docs.broadcom.com/doc/elx_HBAManager-Lin-RN12811-...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2021
Vulnerability Reserved
Oct 21, 2021