HPESBHF03875 rev.1 – HPE Integrated Lights Out 4 and 5, (iLO 4, 5), Remote Denial of Service


Release Date: 2018-08-14

Last Updated: 2018-08-15

Potential Security Impact: Remote: Denial of Service (DoS)

Source: Hewlett Packard Enterprise, HPE Product Security Response Team


A potential security vulnerability has been identified in HPE Integrated Lights Out 4 and 5 (iLO 4,5). The vulnerability could be exploited remotely to allow denial of service.

References: CVE-2018-7101

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • HPE Integrated Lights-Out 4 (iLO 4) – Prior to 2.60
  • HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers – Prior to 1.30


CVSS Version 3.0 and Version 2.0 Base Metrics

ReferenceV3 VectorV3 Base ScoreV2 VectorV2 Base Score

Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002

Hewlett Packard Enterprise would like to thank Matias Soler, working with Immunity Inc. for reporting this vulnerability to [email protected]


HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Integrated Lights Out 4 and Integrated Lights 5. Please visit HPE Support Center to download the updates:


Version:1 (rev.1) – 14 August 2018 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer’s patch management policy.