


Category:   Application (Generic)  >   HPE ProLiant Support Pack
Vendors:   HPE
HPE ProLiant Server Firmware Buffer Overflows in Intel Server Platform Service Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1039955
SecurityTracker URL:
CVE Reference:   CVE-2017-5706, CVE-2017-5709
Date:  Dec 5 2017
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Two vulnerabilities were reported in HPE ProLiant Server Firmware on some HPE servers. A physically local user can obtain elevated privileges on the target system.

A physically local user can trigger a buffer overflow to execute arbitrary code on the target system [CVE-2017-5706].

A physically local user can cause a process to access privileged content to gain elevated privileges on the target system [CVE-2017-5709].

The vulnerabilities reside in the Intel Server Platform Service (SPS) v4.0 component.

The following HPE ProLiant Server models are affected.

BL460c Gen10 Server Blade ROM firmware
DL20 Gen9 Server SPS firmware
DL360 Gen10 Server ROM firmware
DL380 Gen10 Server ROM firmware
DL560 Gen10 Server ROM firmware
DL580 Gen10 Server ROM firmware
m710x Server Cartridge ROM firmware
ML30 Gen9 Server SPS Firmware
ML110 Gen10 Server ROM firmware
ML350 Gen10 Server ROM firmware
XL170r Gen10 Server ROM firmware
XL190r Gen10 Server ROM firmware
XL230k Gen10 Server ROM firmware
XL450 Gen10 Server ROM firmware

The original advisory is available at:

Impact:   A physically local user can obtain elevated privileges on the target system.
Solution:   HPE has issued a fix.

The HPE advisories are available at:

Vendor URL: (Links to External Site)
Cause:   Access control error, Boundary error

Message History:   None.
