CVE-2021-26573

7.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in HPE Apollo 70 System BMC firmware allows local attackers to execute arbitrary code or cause denial of service. This affects systems running BMC firmware versions prior to 3.0.14.0. Attackers with local access to the BMC interface can exploit this vulnerability.

💻 Affected Systems

Products:
  • HPE Apollo 70 System
Versions: BMC firmware versions prior to 3.0.14.0
Operating Systems: BMC firmware (not host OS)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the webgeneratesslcfg function of the BMC firmware's libifc.so library.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the BMC, allowing persistent access, firmware modification, and potential lateral movement to the host system.

🟠 Likely Case

Local privilege escalation on the BMC, enabling unauthorized configuration changes, credential theft, or denial of service.

🟢 If Mitigated

Limited impact if the BMC is isolated on a management network with strict access controls and monitoring.

🌐 Internet-Facing: MEDIUM - If BMC management interface is exposed to internet, risk increases significantly.
🏢 Internal Only: HIGH - Local network access to BMC interface provides direct attack surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to BMC interface. Buffer overflow in SSL configuration function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.14.0 or later

Vendor Advisory: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04080en_us

Restart Required: Yes

Instructions:

1. Download firmware update from HPE Support Portal.
2. Upload to BMC via web interface or iLO.
3. Apply firmware update.
4. Reboot BMC after installation.

🔧 Temporary Workarounds

Restrict BMC Network Access

Isolate BMC management interface to dedicated management network with strict firewall rules.

Disable Unused BMC Services

Disable web interface or SSL configuration features if not required.

🧯 If You Can't Patch

  • Implement strict network segmentation for BMC management interfaces
  • Enable detailed logging and monitoring of BMC access attempts

🔍 How to Verify

Check if Vulnerable:

Check BMC firmware version via web interface or SSH: ssh admin@bmc-ip 'show version'

Check Version:

ssh admin@bmc-ip 'show version' | grep Firmware

Verify Fix Applied:

Verify that the firmware version is 3.0.14.0 or higher using the same command.
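
The version check above can be scripted for a fleet. The following is an added example, not HPE's or this page's own tooling: it compares the reported version field by field as numbers, so that 3.0.9.0 is correctly treated as older than 3.0.14.0. The "Firmware Version : ..." line layout and the function names are assumptions.

```shell
#!/bin/sh
FIXED_VERSION="3.0.14.0"   # first non-vulnerable release per this advisory

# Pull the first dotted four-part version out of a line of text.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 if $1 >= FIXED_VERSION, 1 if older, 2 if it cannot be parsed.
fw_is_patched() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1 $FIXED_VERSION      # split both versions into 4 + 4 fields
    IFS=$old_ifs
    [ "$#" -eq 8 ] || return 2
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        have=${pair%%:*}; want=${pair##*:}
        [ "$have" -gt "$want" ] && return 0
        [ "$have" -lt "$want" ] && return 1
    done
    return 0                      # all fields equal: exactly the fixed release
}

# Classify one line of version output.
check_line() {
    ver=$(extract_version "$1")
    rc=0
    fw_is_patched "$ver" || rc=$?
    case $rc in
        0) echo "PATCHED $ver" ;;
        1) echo "VULNERABLE $ver" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# Constructed sample line (assumed layout), standing in for the output of:
#   ssh admin@bmc-ip 'show version' | grep Firmware
check_line 'Firmware Version : 3.0.13.2'
```

An UNKNOWN result means the version could not be parsed and the BMC should be checked by hand rather than assumed patched.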

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts to BMC
  • Unusual BMC configuration changes
  • Buffer overflow error messages in BMC logs

Network Indicators:

  • Unusual traffic patterns to BMC management port (default 443/22)
  • SSL configuration requests to vulnerable endpoint

SIEM Query:

source="bmc_logs" AND (event_type="authentication_failure" OR event_type="buffer_overflow")
