CVE-2021-25139

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a stack based buffer overflow using user supplied input to the `khuploadfile.cgi` CGI ELF. The stack based buffer overflow could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.

Se ha identificado una vulnerabilidad de seguridad potencial en HPE Moonshot Provisioning Manager versión v1.20. HPE Moonshot Provisioning Manager es una aplicación que es instalada en un entorno VMWare o Microsoft Hyper-V que es usada para instalar y configurar un chasis HPE Moonshot 1500. Esta vulnerabilidad podría ser explotada remotamente por un usuario no autenticado para causar un desbordamiento del búfer en la región stack de la memoria usando la entrada suministrada por el usuario al ELF CGI "khuploadfile.cgi". El desbordamiento del búfer en la región stack de la memoria podría conllevar a una Ejecución de Código Remota, una Denegación de Servicio y/o comprometer la integridad del sistema. **Nota:** HPE recomienda a los clientes dejar de usar HPE Moonshot Provisioning Manager. La aplicación HPE Moonshot Provisioning Manager está descontinuada, ya no es compatible, no está disponible para descargar desde el Centro de soporte de HPE y no existe ningún parche disponible

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-14 CVE Reserved
2021-02-09 CVE Published
2024-08-03 CVE Updated
2024-10-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04084en_us	2021-02-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hp Search vendor "Hp"		Moonshot Provisioning Manager Search vendor "Hp" for product "Moonshot Provisioning Manager"				1.20 Search vendor "Hp" for product "Moonshot Provisioning Manager" and version "1.20"		-		Affected