Description:

HPE has released a security update to address several vulnerabilities in the following products:

• HPE ProLiant DL110 Gen10 Plus Telco server - Prior to 1.62_07-14-2022
• HPE ProLiant DL360 Gen10 Plus server - Prior to 1.62_07-14-2022
• HPE ProLiant DL380 Gen10 Plus server - Prior to 1.62_07-14-2022
• HPE Synergy 480 Gen10 Plus Compute Module - Prior to 1.62_07-14-2022
• HPE Synergy 480 Gen10 Plus Compute Module - Prior to 1.62_07-14-2022
• HPE ProLiant DX360 Gen10 Plus server - Prior to 1.62_07-14-2022 - Use BIOS family U46
• HPE ProLiant DX380 Gen10 Plus server - Prior to 1.62_07-14-2022 - Use BIOS family U46
• HPE ProLiant DX360 Gen10 Plus server - Prior to 1.62_07-14-2022 - Use BIOS family U46
• HPE ProLiant DX380 Gen10 Plus server - Prior to 1.62_07-14-2022 - Use BIOS family U46
• HPE ProLiant DL20 Gen10 Plus server - Prior to 1.60_07-14-2022
• HPE ProLiant DL110 Gen10 Plus Telco server - Prior to 1.62_07-14-2022
• HPE ProLiant DL360 Gen10 Plus server - Prior to 1.62_07-14-2022
• HPE ProLiant DL380 Gen10 Plus server - Prior to 1.62_07-14-2022
• HPE ProLiant ML30 Gen10 Plus server - Prior to 1.60_07-14-2022

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Sensitive information disclosure
• Escalation of Privilege

Best practice and Recommendations:

The CERT team encourages users to review HPE security advisory and apply the necessary updates:

• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04341en_us
• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04341en_us
• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04347en_us
• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04345en_us
• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04346en_us
• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04356en_us