ID CVE-2018-7078
Summary A remote code execution vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30.
References
Vulnerable Configurations
  • HP Integrated Lights-Out 3 (iLO 4) firmware 1.11
    cpe:2.3:o:hp:integrated_lights-out_4_firmware:1.11
  • HP Integrated Lights-Out 3 (iLO 4) firmware 1.13
    cpe:2.3:o:hp:integrated_lights-out_4_firmware:1.13
  • HP Integrated Lights-Out 3 (iLO 4) firmware 1.20
    cpe:2.3:o:hp:integrated_lights-out_4_firmware:1.20
  • HP Integrated Lights-Out 4 (iLO 4) Firmware 2.01
    cpe:2.3:o:hp:integrated_lights-out_4_firmware:2.01
  • HP Integrated Lights-Out 4 Firmware 2.03
    cpe:2.3:o:hp:integrated_lights-out_4_firmware:2.03
  • HP Integrated Lights-Out
    cpe:2.3:h:hp:integrated_lights-out
CVSS
Base: 9.0
Impact:
Exploitability:
nessus via4
NASL family CGI abuses
NASL id ILO_HPESBHF_03844.NASL
description According to its version number, the remote HP Integrated Lights-Out (iLO) server is affected by multiple vulnerabilities:
  - A remote command execution vulnerability exists in HP Integrated Lights-Out (iLO) server due to an unspecified reason. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the server (CVE-2018-7078).
  - A denial of service (DoS) vulnerability exists in HP Integrated Lights-Out (iLO) server due to an unspecified reason. An unauthenticated, remote attacker can exploit this issue to cause the application to stop responding (CVE-2018-7101).
last seen 2019-02-21
modified 2019-02-08
plugin id 122032
published 2019-02-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=122032
title iLO 4 < 2.60 / iLO 5 < 1.30 Multiple Vulnerabilities
refmap via4
confirm https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03844en_us
sectrack 1041188
Last major update 07-08-2018 - 21:29
Published 06-08-2018 - 16:29
Last modified 05-10-2018 - 09:28