high
7.2
Advisory Published
Updated

CVE-2020-7205

First published: Thu Jul 30 2020(Updated: )

A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is related to using insmod in GRUB2 in the specific impacted HPE product and HPE is addressing this issue. HPE has made the following software updates and mitigation information to resolve the vulnerability in Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. HPE provided latest Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting Toolkit which includes the GRUB2 patch to resolve this vulnerability. These new boot images will update GRUB2 and the Forbidden Signature Database (DBX). After the DBX is updated, users will not be able to boot to the older IP, SPP or Scripting ToolKit with Secure Boot enabled. HPE have provided a standalone DBX update tool to work with Microsoft Windows, and supported Linux Operating Systems. These tools can be used to update the Forbidden Signature Database (DBX) from within the OS. **Note:** This DBX update mitigates the GRUB2 issue with insmod enabled, and the "Boot Hole" issue for HPE signed GRUB2 applications.

Credit: security-alert@hpe.com

Affected SoftwareAffected VersionHow to fix
HPE Intelligent Provisioning<1.72
Hpe Proliant Bl460c Gen8 Blade Server
Hpe Proliant Bl660c Gen8 Blade Server
Hpe Proliant Dl160 Gen8 Server
Hpe Proliant Dl360e Gen8 Server
Hpe Proliant Dl360p Gen8 Server
Hpe Proliant Dl380e Gen8 Server
Hpe Proliant Dl380p Gen8 Server
Hpe Proliant Dl385p Gen8 Server
Hpe Proliant Dl560 Gen8 Server
Hpe Proliant Dl580 Gen8 Server
Hpe Proliant Ml310e Gen8 Server
Hpe Proliant Ml350e Gen8 Server
Hpe Proliant Ml350p Gen8 Server
Hpe Proliant Sl230s Gen8 Server
Hpe Proliant Sl250s Gen8 Server
Hpe Proliant Sl270s Gen8 Server
Hpe Proliant Sl4540 Gen8 Server
Hpe Proliant Ws460c Gen8 Graphics Server Blade
HPE Intelligent Provisioning<2.81
Hpe Service Pack For Proliant<2020.03.0
Hpe Smartstart Scripting Toolkit<11.40
Hpe Apollo 4200 Gen9 Server
Hpe Apollo 4520 Chassis
Hpe Cloudline Cl3100 Gen9 Server
HPE Cloudline CL5200 Gen9 Server
HPE Cloudline CL5800 Gen9 Server
Hpe Proliant Bl460c Gen9 Server Blade
Hpe Proliant Bl660c Gen9 Server Blade
Hpe Proliant Dl120 Gen9 Server
Hpe Proliant Dl160 Gen9 Server
Hpe Proliant Dl180 Gen9 Server
Hpe Proliant Dl20 Gen9 Server
Hpe Proliant Dl360 Gen9 Server
Hpe Proliant Dl380 Gen9 Server
Hpe Proliant Dl388 Gen9 Server
Hpe Proliant Dl560 Gen9 Server
Hpe Proliant Dl580 Gen9 Server
Hpe Proliant Dl60 Gen9 Server
Hpe Proliant Dl80 Gen9 Server
Hpe Proliant E910 Server Blade
Hpe Proliant M510 Server Cartridge
Hpe Proliant M710x-l Server Blade
Hpe Proliant M710x Server Blade
Hpe Proliant M750 Server Blade
Hpe Proliant Ml10 Gen9 Server
Hpe Proliant Ml110 Gen9 Server
Hpe Proliant Ml150 Gen9 Server
Hpe Proliant Ml30 Gen9 Server
Hpe Proliant Ml350 Gen9 Server
Hpe Proliant Se2160w Gen9 Server
Hpe Proliant Ws460c Gen9 Graphics Server Blade
Hpe Proliant Xl170r Gen9 Server
Hpe Proliant Xl190r Gen9 Server
Hpe Proliant Xl230a Gen9 Server
Hpe Proliant Xl250a Gen9 Server
Hpe Proliant Xl260a Gen9 Server
Hpe Proliant Xl270d Gen9 Server
Hpe Proliant Xl450 Gen9 Server
Hpe Proliant Xl730f Gen9 Server
Hpe Proliant Xl740f Gen9 Server
Hpe Proliant Xl750f Gen9 Server
Hpe Storeeasy 1000 Storage Gen9
Hpe Synergy 480 Gen9 Compute Module
Hpe Synergy 620 Gen9 Compute Module
Hpe Synergy 660 Gen9 Compute Module
Hpe Synergy 680 Gen9 Compute Module
Hpe Synergy D3940 Storage Module
HPE Intelligent Provisioning<=3.30.213
HPE Intelligent Provisioning=3.31
HPE Intelligent Provisioning=3.40
Hpe Apollo 2000 Gen10 Plus System
Hpe Apollo 4200 Gen10 Server
Hpe Apollo 4510 Gen10 System
Hpe Apollo 6500 Gen10 System
Hpe Cloudline Cl2100 Gen10 Server
Hpe Cloudline Cl2200 Gen10 Server
Hpe Cloudline Cl2600 Gen10 Server
Hpe Cloudline Cl2800 Gen10 Server
HPE Cloudline CL3100 Gen10 Server
Hpe Cloudline Cl3150 Gen10 Server
HPE Cloudline CL4100 Gen10 Server
Hpe Proliant Bl460c Gen10 Server Blade
Hpe Proliant Dl120 Gen10 Server
Hpe Proliant Dl160 Gen10 Server
Hpe Proliant Dl180 Gen10 Server
Hpe Proliant Dl20 Gen10 Server
Hpe Proliant Dl325 Gen10 Server
Hpe Proliant Dl360 Gen10 Server
Hpe Proliant Dl380 Gen10 Server
Hpe Proliant Dl385 Gen10 Server
Hpe Proliant Dl560 Gen10 Server
Hpe Proliant Dl580 Gen10 Server
Hpe Proliant Dx170r Gen10 Server
Hpe Proliant Dx190r Gen10 Server
Hpe Proliant Dx360 Gen10 Server
Hpe Proliant Dx380 Gen10 Server
Hpe Proliant Dx385 Gen10 Plus Server
Hpe Proliant Dx4200 Gen10 Server
Hpe Proliant Dx560 Gen10 Server
Hpe Proliant Microserver Gen10
HPE ProLiant MicroServer Gen10 Plus
Hpe Proliant Ml110 Gen10 Server
Hpe Proliant Ml30 Gen10 Server
Hpe Proliant Ml350 Gen10 Server
Hpe Proliant Xl170r Gen10 Server
Hpe Proliant Xl190r Gen10 Server
Hpe Proliant Xl220n Gen10 Plus Server
Hpe Proliant Xl230k Gen10 Server
Hpe Proliant Xl270d Gen10 Server
Hpe Proliant Xl270d Gen9 Special Server
Hpe Proliant Xl290n Gen10 Plus Server
Hpe Proliant Xl2x260w Gen10 Server
Hpe Proliant Xl450 Gen10 Server
Hpe Proliant Xl925g Gen10 Plus 1u 4-node Configure-to-order Server
Hpe Simplivity 2600 Gen10
Hpe Simplivity 325 Gen10
Hpe Simplivity 380 Gen10
Hpe Storeeasy 1000 Storage Gen10
Hpe Synergy 480 Gen10 Compute Module
Hpe Synergy 480 Gen10 Plus Compute Module
Hpe Synergy 660 Gen10 Compute Module

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203