File Retrieval Vulnerability in Broadcom Emulex HBA Manager
CVE-2021-42773

7.5HIGH

Key Information:

Vendor: Broadcom
Status: Emulex Hba Manager
Vendor: CVE Published:; 12 November 2021

Summary

The Emulex HBA Manager and One Command Manager by Broadcom are susceptible to a file retrieval vulnerability. If these applications are not installed in Strictly Local Management mode, an unauthenticated user may leverage the GetDumpFile command to retrieve arbitrary files from remote hosts, potentially compromising sensitive data. It is crucial for users to ensure that their installations operate in a secure mode to mitigate this risk.

References

https://www.broadcom.com/products/storage/fibre-channel-h...

x_refsource_MISC

https://docs.broadcom.com/doc/elx_HBAManager-Lin-RN12811-...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2021
Vulnerability Reserved
Oct 21, 2021