Friday, May 21, 2021

HP iLO: CVE-2021-29210: Cross-Site Scripting (XSS), Carriage Return Line Feed

Description
Multiple potential security vulnerabilities have been identified in HPE Integrated Lights-Out 5 (iLO 5) and HPE Integrated Lights-Out 4 (iLO 4). The vulnerabilities are XSS, CR-LF injection, DOM XSS and several buffer overflow vulnerabilities. The XSS, CR-LF injection and DOM XSS vulnerabilities target authenticated privileged iLO users of the iLO web interface. The iLO buffer overflow vulnerabilities can be exploited by a privileged user on a host OS to execute code on the iLO as a privileged user.
Solution(s)
  • hp-ilo-4-upgrade-2_78
  • hp-ilo-5-upgrade-2_44


References
  • https://attackerkb.com/topics/cve-2021-29210
  • CVE - 2021-29210
  • https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf04130en_us




    Copyright © 2021 Vulnerability Database | Cyber Details™
