CVE-2021-29212
CRITICALHPE iLO Amplifier Pack 1.80, 1.81, 1.90, 1.95 - Unauthenticated Path Traversal and Remote Code Execution
Title source: llmDescription
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04189en_us
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-1278/
Scores
CVSS v3
9.8
EPSS
0.1548
EPSS Percentile
94.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (4)
hp/ilo_amplifier_pack
1.80
hp/ilo_amplifier_pack
1.81
hp/ilo_amplifier_pack
1.90
hp/ilo_amplifier_pack
1.95
Published
Nov 01, 2021
Tracked Since
Feb 18, 2026