Latest HPE Servers Security News #1

Starting today, I want to publish weekly posts about latest HPE servers security vulnerabilities because HPE is one of most biggest server hardware vendors and many companies are using HPE servers in their data centers.

Certain HPE Servers with a UEFI-based BIOS, Multiple Local Vulnerabilities

Potential Security Impact: Local: Denial of Service (DoS), Disclosure of Information, Escalation of Privilege.

Vulnerability Summary

Security vulnerabilities in UEFI Open Source (EDK2)-based BIOS firmware may allow escalation of privilege, information disclosure or denial of service. Vendors are releasing firmware updates to mitigate these vulnerabilities.

Resolution

HPE has provided firmware updates for all of the listed products.

Certain HPE Servers with Intel Server Platform Services (SPS) Firmware, Multiple Local Vulnerabilities

Potential Security Impact: Local: Authentication Bypass, Denial of Service (DoS), Execution of Arbitrary Code.

Vulnerability Summary

Security vulnerabilities in IntelĀ® Server Platform Services (SPS) may allow privilege escalation, information disclosure, or denial of service. Intel is releasing Intel Server Platform Services updates to mitigate these vulnerabilities.

Resolution

HPE has provided Server Platform Services (SPS) 04.01.04.251(2 Apr 2019) for all of the listed products.

External Links

http://www.hpe.com/support/Security_Bulletin_Archive

Davoud Teimouri

Davoud Teimouri is as a professional blogger, vExpert 2015/2016/2017/2018, VCA, MCITP. This blog is started with simple posts and now, it has large following readers.

Leave a Reply

Your email address will not be published. Required fields are marked *