CVE-2021-42773

7.5 HIGH

📋 TL;DR

This vulnerability in Broadcom Emulex HBA Manager allows unauthenticated remote users to retrieve arbitrary files from affected systems when not configured in Strictly Local Management mode. It affects versions before 11.4.425.0 and 12.8.542.31, potentially exposing sensitive system files to attackers.

💻 Affected Systems

Products:
  • Broadcom Emulex HBA Manager
  • Broadcom Emulex One Command Manager
Versions: Versions before 11.4.425.0 and 12.8.542.31
Operating Systems: Linux, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when NOT configured in Strictly Local Management mode. Non-secure mode allows unauthenticated access.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through retrieval of sensitive files like configuration files, passwords, or system logs, leading to lateral movement or data exfiltration.

🟠

Likely Case

Unauthorized access to sensitive system files containing configuration data, potentially enabling further attacks or information disclosure.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing unauthorized connections to management interfaces.

🌐 Internet-Facing: HIGH - Unauthenticated remote file retrieval allows attackers to access sensitive files without credentials.
🏢 Internal Only: HIGH - Even internally, unauthenticated access to arbitrary files poses significant risk to system security.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a GetDumpFile command to a vulnerable system. No authentication is needed in non-secure mode.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.4.425.0 and 12.8.542.31 or later

Vendor Advisory: https://docs.broadcom.com/doc/elx_HBAManager-Lin-RN12811-101.pdf

Restart Required: Yes

Instructions:

1. Download the updated version from the Broadcom support portal.
2. Back up the current configuration.
3. Install the updated version following vendor instructions.
4. Restart affected services or the system.

🔧 Temporary Workarounds

Enable Strictly Local Management Mode

Platform: all

Configure HBA Manager to only accept connections from localhost, preventing remote exploitation.

Refer to Broadcom documentation for specific configuration steps

Network Segmentation

Platform: linux

Restrict network access to HBA Manager ports using firewall rules.

# Rule order matters: the ACCEPT for the trusted host must be appended before the DROP.
iptables -A INPUT -p tcp --dport [HBA_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [HBA_PORT] -j DROP

🧯 If You Can't Patch

  • Enable Strictly Local Management mode immediately
  • Implement strict network access controls and firewall rules to limit connections to trusted IPs only

🔍 How to Verify

Check if Vulnerable:

Check the HBA Manager version and configuration mode. If the version is below the patched versions and the system is not in Strictly Local Management mode, the system is vulnerable.

Check Version:

emlxhba -v or check HBA Manager GUI/CLI version information

Verify Fix Applied:

Verify version is 11.4.425.0 or higher (for 11.x) or 12.8.542.31 or higher (for 12.x). Confirm Strictly Local Management mode is enabled.
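The version and mode check described above can be scripted so it is applied consistently across hosts. The Python below is an added example, not part of this advisory or of Broadcom's tooling: it encodes the two fixed versions the advisory states (11.4.425.0 for the 11.x line, 12.8.542.31 for the 12.x line), and by assumption reports any other release line as "unknown" rather than guessing. The function names and the sample version strings are mine.

```python
"""
Added example (not from the advisory or from Broadcom): classify an Emulex
HBA Manager install against CVE-2021-42773 from its version string and
whether Strictly Local Management mode is enabled.
"""
from typing import Optional, Tuple

# Fixed versions as stated in the advisory, keyed by major release line.
FIXED_VERSIONS = {
    11: (11, 4, 425, 0),
    12: (12, 8, 542, 31),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'a.b.c.d' into a comparable integer tuple, padded to 4 parts."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    # Pad so a short string such as "12.8" compares like "12.8.0.0".
    return nums + (0,) * (4 - len(nums))


def version_is_patched(text: str) -> Optional[bool]:
    """True if at/after the fixed build for that line, False if before,
    None when the release line is not covered by the advisory (assumption)."""
    version = parse_version(text)
    fixed = FIXED_VERSIONS.get(version[0])
    if fixed is None:
        return None
    return version >= fixed


def assess(version: str, strictly_local: bool) -> str:
    """Return one of: 'patched', 'mitigated', 'vulnerable', 'unknown'."""
    patched = version_is_patched(version)
    if patched is None:
        return "unknown"
    if patched:
        return "patched"
    # Unpatched but only listening locally: remote GetDumpFile is blocked.
    if strictly_local:
        return "mitigated"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("san-host-01", "12.8.523.1", False),
        ("san-host-02", "12.8.542.31", False),
        ("san-host-03", "11.4.400.2", True),
        ("san-host-04", "11.4.425.0", False),
    ]
    for host, ver, local in inventory:
        print(f"{host}: {ver} strictly_local={local} -> {assess(ver, local)}")
```

Treat "mitigated" as a stopgap only: the workaround removes the remote path, but the fixed build is still the goal.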

📡 Detection & Monitoring

Log Indicators:

  • Unusual GetDumpFile command requests
  • Unauthorized access attempts to HBA Manager
  • File retrieval operations from unexpected sources

Network Indicators:

  • Unexpected connections to HBA Manager ports (typically 2301, 2302)
  • GetDumpFile commands in network traffic

SIEM Query:

source="HBA_Manager_Logs" AND (event="GetDumpFile" OR event="unauthorized_access")
