var-201808-0934
Vulnerability from variot
A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. Through an integrated remote management port, Monitor and maintain the running status of the server, remotely manage and control the server, etc. An attacker could exploit this vulnerability to execute code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0934",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights-out 4",
"scope": "lt",
"trust": 1.0,
"vendor": "hp",
"version": "2.60"
},
{
"model": "integrated lights-out 5",
"scope": "lt",
"trust": 1.0,
"vendor": "hp",
"version": "1.30"
},
{
"model": "hpe integrated lights-out 4",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "2.60"
},
{
"model": "hpe integrated lights-out 5",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.30"
},
{
"model": "integrated lights-out 4",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2.03"
},
{
"model": "integrated lights-out 4",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.13"
},
{
"model": "integrated lights-out 4",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.11"
},
{
"model": "integrated lights-out 4",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.20"
},
{
"model": "integrated lights-out 4",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2.01"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
},
{
"db": "NVD",
"id": "CVE-2018-7078"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:hp:integrated_lights-out_4_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:integrated_lights-out_5_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
}
]
},
"cve": "CVE-2018-7078",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-7078",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-137110",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2018-7078",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7078",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7078",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-163",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137110",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-7078",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137110"
},
{
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
},
{
"db": "NVD",
"id": "CVE-2018-7078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. Through an integrated remote management port, Monitor and maintain the running status of the server, remotely manage and control the server, etc. An attacker could exploit this vulnerability to execute code",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "VULHUB",
"id": "VHN-137110"
},
{
"db": "VULMON",
"id": "CVE-2018-7078"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7078",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1041188",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-137110",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7078",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137110"
},
{
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
},
{
"db": "NVD",
"id": "CVE-2018-7078"
}
]
},
"id": "VAR-201808-0934",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-137110"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:38:26.180000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hpesbhf03844en_us",
"trust": 0.8,
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03844en_us"
},
{
"title": "HPE Integrated Lights-Out 4 and Integrated Lights-Out 5 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83969"
},
{
"title": "Subverting your server through its BMC: the HPE iLO4 case",
"trust": 0.1,
"url": "https://github.com/cjzh781119/security-blog "
},
{
"title": "Subverting your server through its BMC: the HPE iLO4 case",
"trust": 0.1,
"url": "https://github.com/airbus-seclab/ilo4_toolbox "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7078"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1041188"
},
{
"trust": 1.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03844en_us"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7078"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7078"
},
{
"trust": 0.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03844en_us"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/cjzh781119/security-blog"
},
{
"trust": 0.1,
"url": "https://github.com/airbus-seclab/ilo4_toolbox"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137110"
},
{
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
},
{
"db": "NVD",
"id": "CVE-2018-7078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-137110"
},
{
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
},
{
"db": "NVD",
"id": "CVE-2018-7078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-06T00:00:00",
"db": "VULHUB",
"id": "VHN-137110"
},
{
"date": "2018-08-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"date": "2018-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"date": "2018-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-163"
},
{
"date": "2018-08-06T20:29:02.163000",
"db": "NVD",
"id": "CVE-2018-7078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-137110"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"date": "2018-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"date": "2018-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-163"
},
{
"date": "2024-11-21T04:11:36.797000",
"db": "NVD",
"id": "CVE-2018-7078"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE Integrated Lights-Out 4 and HPE Integrated Lights-Out 5 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…