Release Date: 2018-08-14
Last Updated: 2018-08-15
Potential Security Impact: Remote: Denial of Service (DoS)
Source: Hewlett Packard Enterprise, HPE Product Security Response Team
A potential security vulnerability has been identified in HPE Integrated Lights Out 4 and 5 (iLO 4,5). The vulnerability could be exploited remotely to allow denial of service.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE Integrated Lights-Out 4 (iLO 4) – Prior to 2.60
- HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers – Prior to 1.30
CVSS Version 3.0 and Version 2.0 Base Metrics
|Reference||V3 Vector||V3 Base Score||V2 Vector||V2 Base Score|
Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002
Hewlett Packard Enterprise would like to thank Matias Soler, working with Immunity Inc. for reporting this vulnerability to [email protected]
HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Integrated Lights Out 4 and Integrated Lights 5. Please visit HPE Support Center to download the updates:
Version:1 (rev.1) – 14 August 2018 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer’s patch management policy.