HPE Servers Exposed: Critical Vulnerability Demands Urgent Firmware Update
A critical security vulnerability, CVE-2021-38578, has been discovered in a wide range of HPE ProLiant, Alletra, Synergy, Apollo, and Edgeline servers. This vulnerability, rated with a severity score of 9.8, could allow remote attackers to execute arbitrary code, potentially leading to data breaches, system compromise, and operational disruptions.
The affected servers span multiple generations and models, including Gen10, Gen10 Plus, and Gen11 ProLiant servers, Alletra storage systems, Synergy compute modules, Apollo systems, and Edgeline servers. HPE has released firmware updates to address this critical vulnerability and urges customers to apply the updates immediately.
This vulnerability is particularly concerning due to its high severity rating and the potential for remote exploitation. Attackers could exploit this flaw to gain unauthorized access to sensitive data, install malware, or disrupt critical business operations. The broad range of affected servers amplifies the risk, as it impacts various industries and organizations that rely on HPE’s enterprise-grade hardware.
The affected server models and their vulnerable firmware versions are as follows:
- HPE Alletra 4110 and 4120 – Prior to v2.20_05-27-2024
- HPE ProLiant DL and ML Series (Gen10, Gen10 Plus, Gen11) – Various versions prior to v3.20_05-27-2024
- HPE Synergy Compute Modules (Gen10, Gen10 Plus, Gen11) – Various versions prior to v3.20_05-27-2024
- HPE Apollo Systems – Prior to v2.10_05-27-2024
- HPE Edgeline Servers – Various versions prior to v3.20_05-27-2024
For a complete list of affected models and versions, please refer to the HPE security bulletin.
HPE has acted swiftly to address this critical vulnerability by releasing updated BIOS firmware for the affected models. Users are strongly advised to update their server firmware to the latest versions to mitigate any potential security risks.
The recommended firmware versions to resolve this vulnerability are:
- Gen11, Alletra, and Synergy Gen11 – v2.20_05-27-2024 or later
- Gen10 Plus, Synergy Gen10 Plus, and XL – v2.10_05-27-2024 or later
- Gen10, Synergy Gen10, and XL – v3.20_05-27-2024 or later
- AMD Gen11 – v1.60_03-14-2024 or later
- AMD Gen10 and Gen10 Plus – v3.10_03-21-2024 or later
- Edgeline 930t – v2.20_05-27-2024 or later
- Edgeline 920x – v2.10_05-27-2024 or later
- Edgeline e910x – v3.20_05-27-2024 or later
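An added example (not HPE tooling, and not part of the original article) that checks a server inventory against the minimum fixed versions listed above. The family labels, hostnames and installed versions are constructed for illustration, and the script assumes BIOS versions are recorded in the same `vX.YY_MM-DD-YYYY` form the list uses, with the build date acting as a tie-breaker.

```python
import re
from datetime import date

# Minimum fixed BIOS versions, copied from the list above.
# The family keys are labels made up for this example.
FIXED = {
    "gen11": "v2.20_05-27-2024",          # Gen11, Alletra, Synergy Gen11
    "gen10plus": "v2.10_05-27-2024",      # Gen10 Plus, Synergy Gen10 Plus, XL
    "gen10": "v3.20_05-27-2024",          # Gen10, Synergy Gen10, XL
    "amd-gen11": "v1.60_03-14-2024",
    "amd-gen10": "v3.10_03-21-2024",      # AMD Gen10 and Gen10 Plus
    "edgeline-930t": "v2.20_05-27-2024",
    "edgeline-920x": "v2.10_05-27-2024",
    "edgeline-e910x": "v3.20_05-27-2024",
}
_VERSION = re.compile(r"v(\d+)\.(\d+)_(\d{2})-(\d{2})-(\d{4})")

def parse(version):
    """Turn 'v2.20_05-27-2024' into a sortable (major, minor, date) key."""
    m = _VERSION.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, month, day, year = map(int, m.groups())
    return (major, minor, date(year, month, day))

def audit(inventory):
    """Return {host: 'ok' | 'update' | 'unknown'} for each inventory row."""
    report = {}
    for host, family, installed in inventory:
        try:
            fixed = parse(FIXED[family])
            report[host] = "ok" if parse(installed) >= fixed else "update"
        except (KeyError, ValueError):
            # Unknown family or unparseable string: needs manual review
            report[host] = "unknown"
    return report

# Constructed inventory rows: (hostname, family label, installed BIOS version)
SAMPLE = [
    ("dl380-a", "gen10", "v3.10_02-22-2024"),
    ("dl360-b", "gen11", "v2.20_05-27-2024"),
    ("sy480-c", "gen10plus", "v2.12_06-10-2024"),
    ("dl385-d", "amd-gen11", "1.58"),
    ("el-e", "edgeline-920x", "v2.00_01-15-2024"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` are deliberately not treated as patched; they should be checked by hand against the HPE security bulletin.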
To download the necessary firmware updates, users should visit the Hewlett Packard Enterprise Support Center. Follow these steps to locate and download the required updates:
- Enter the product name from the list of impacted products in the text search field and wait for the Suggested Products list to display.
- Select the desired product from the Suggested Products list.
- The page will refresh to include a selection for the “DRIVERS AND SOFTWARE” tab.
- Select the “DRIVERS AND SOFTWARE” tab to find and download the necessary components.