7.2

CVE-2020-7205

First published: Thu Jul 30 2020

A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process.

**Note:** This vulnerability is related to using insmod in GRUB2 in the specific impacted HPE product and HPE is addressing this issue.

HPE has made the following software updates and mitigation information available to resolve the vulnerability in Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. HPE has provided the latest Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting Toolkit, which include the GRUB2 patch to resolve this vulnerability. These new boot images will update GRUB2 and the Forbidden Signature Database (DBX). After the DBX is updated, users will not be able to boot to the older IP, SPP or Scripting ToolKit with Secure Boot enabled.

HPE has provided a standalone DBX update tool to work with Microsoft Windows and supported Linux operating systems. These tools can be used to update the Forbidden Signature Database (DBX) from within the OS.

**Note:** This DBX update mitigates the GRUB2 issue with insmod enabled, and the "Boot Hole" issue for HPE signed GRUB2 applications.

Credit: security-alert@hpe.com

Affected Software | Affected Version | How to fix
HPE Intelligent Provisioning | <1.72
HP ProLiant BL460c Gen8 Server Blade
HPE ProLiant BL660c Gen8 Server Blade
HP ProLiant DL160 Gen8 Server
HPE ProLiant DL360e Gen8 Server
HPE ProLiant DL360p Gen8 Server
HP ProLiant DL380e Gen8 Server
HPE ProLiant DL380p Gen8 Server
HPE ProLiant DL385p Gen8 (AMD)
HP ProLiant DL560 Gen8 Server Firmware
HP ProLiant DL580 Gen8 Server
HPE ProLiant ML310e Gen8 v2 Server
HP ProLiant ML350e Gen8 Server
HP ProLiant ML350p Gen8 Server Firmware
HPE ProLiant sl230s Gen8 Server
HPE ProLiant SL250s Gen8 Server
HPE ProLiant SL270s Gen8 Server Firmware
HPE ProLiant SL4540 Gen8 1 Node Server
HPE ProLiant WS460c Gen8 Graphics Server Blade
HPE Intelligent Provisioning | <2.81
HP Service Pack for ProLiant | <2020.03.0
HPE SmartStart Scripting Toolkit for Linux | <11.40
HPE Apollo 4200 Gen9 Server
HPE Apollo 4520 Chassis
HPE Cloudline CL3100 Gen9 Server
HPE Cloudline CL5200 Gen9 Server
HPE Cloudline CL5800 Gen9 Server
HP ProLiant BL460c Gen9 Server Blade
HPE ProLiant BL660c Gen9 Server
HPE ProLiant DL120 Gen9 Server
HP ProLiant DL160 Gen9 Server
HP ProLiant DL180 Gen9 Server
HP ProLiant DL20 Gen9 Server Firmware
HP ProLiant DL360 Gen9 Server
HP ProLiant DL380 Gen9 Server Firmware
HPE ProLiant DL388 Gen9 Server
HPE ProLiant DL560 Gen9 Server
HPE ProLiant DL580 Gen9 Server
HP ProLiant DL60 Gen9 Server
HPE ProLiant DL80 Gen9 Server
HPE ProLiant E910 Server Blade
HP ProLiant m510 Server Cartridge
HPE ProLiant m710x-l server blade
HPE ProLiant m750 Server Blade
HP ProLiant ML10 Gen9 Server
HPE ProLiant ml110 Gen9 Server
HPE ProLiant ML150 Gen9 Server Firmware
HP ProLiant ML30 Gen9 Server
HP ProLiant ML350 Gen9 Server
HPE ProLiant se2160w Gen9 Server
HPE ProLiant WS460c Gen9 Graphics Server Blade
HP ProLiant XL170R Gen9
HP ProLiant XL190r Gen9 Server Firmware
HPE ProLiant XL230a Gen9 Server Firmware
HPE ProLiant XL250a Gen9 Server Firmware
HPE ProLiant xl260a Gen9 Server
HPE ProLiant xl270d Gen9 Special Server
HPE ProLiant XL450 Gen9 Server
HPE ProLiant xl730f Gen9 Server
HP ProLiant XL740f Gen9 Server
HP ProLiant XL750f Gen9 Server
HPE StoreEasy 1000 Storage Gen9
HPE Synergy 480 Gen9
HPE Synergy 620 Gen9
HPE Synergy 660 Gen9
HPE Synergy 680 Gen9
HPE Synergy D3940 Storage Module
HPE Intelligent Provisioning | <=3.30.213
HPE Intelligent Provisioning | =3.31
HPE Intelligent Provisioning | =3.40
HPE Apollo 2000 System
HPE Apollo 4200 Gen10 Plus System
HP Apollo 4510 System
HPE Apollo 6500 Gen10 Plus
HPE Cloudline CL2100 Gen10 Server
HPE Cloudline CL2200 Gen10 Server
HPE Cloudline CL2600 Gen10 Server
HPE Cloudline CL2800 Gen10 Server
HPE Cloudline CL3100 Gen10 Server
HPE Cloudline CL3150 Gen10 Server
HPE Cloudline CL4100 Gen10 Server
HPE ProLiant BL460c Gen10 Server Blade
HP ProLiant DL120 Gen10 Server
HP ProLiant DL160 Gen10 Server
HPE ProLiant DL180 Gen10 Server
HPE ProLiant DL20 Gen10 Plus Server
HPE ProLiant DL325 Gen10 Server
HP ProLiant DL360 Gen10
HP ProLiant DL380 Gen10
HPE ProLiant DL385 Gen10 Server
HPE ProLiant dl560 Gen10 Server
HPE ProLiant DL580 Gen10 Server Firmware
HPE ProLiant DX170R Gen10 Server
HPE ProLiant DX190R Gen10 Server
HPE ProLiant DX360 Gen10 Server
HPE ProLiant DX380 Gen10 Server
HPE ProLiant DX385 Gen10 Plus Server
HPE ProLiant DX4200 Gen10 Server
HPE ProLiant DX560 Gen10 Server
HPE ProLiant MicroServer Gen10 Plus v2
HP ProLiant ML110 Gen10 Server
HPE ProLiant ML30 Gen10
HP ProLiant ML350 Gen10 Server
HP ProLiant xl170r Gen10
HP ProLiant xl190r Gen10
HPE ProLiant XL220n Gen10 Plus Server
HP ProLiant XL230k Gen10 Server
HPE ProLiant XL270d Gen10 Server
HP ProLiant XL270d Gen9 Server
HPE ProLiant XL290n Gen10 Plus Server
HPE ProLiant xl2x260w Gen10 Server
HPE ProLiant XL450 Gen10 Server Firmware
HPE ProLiant XL925 Gen10 Plus 1U 4-Node Configure-to-Order Server
HP SimpliVity 2600 Gen10 firmware
HPE SimpliVity 325 Gen10
HPE SimpliVity 380 Gen10 Firmware
HPE StoreEasy 1000 Storage Gen10
HPE Synergy 480 Gen10 Plus Compute Module
HP Synergy 660 Gen10 Firmware


Frequently Asked Questions

  • What is the severity of CVE-2020-7205?

    The severity of CVE-2020-7205 is considered high due to the potential for arbitrary code execution during the boot process.

  • How do I fix CVE-2020-7205?

    You can mitigate CVE-2020-7205 by applying the latest firmware updates for HPE Intelligent Provisioning or related tools.

  • What systems are affected by CVE-2020-7205?

    CVE-2020-7205 affects HPE Intelligent Provisioning versions prior to 1.72 and HPE Service Pack for ProLiant versions prior to 2020.03.0.

  • Is there a workaround for CVE-2020-7205?

    Currently, there is no documented workaround for CVE-2020-7205; updating the software is the recommended approach.

  • Can CVE-2020-7205 be exploited remotely?

    CVE-2020-7205 requires local access to the system to exploit the vulnerability.
