Release Date: 2018-08-14

Last Updated: 2018-08-15


Potential Security Impact: Remote: Denial of Service (DoS)

Source: Hewlett Packard Enterprise, HPE Product Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified in HPE Integrated Lights Out 4 and 5 (iLO 4,5). The vulnerability could be exploited remotely to allow denial of service.

References: CVE-2018-7101

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • HPE Integrated Lights-Out 4 (iLO 4) – Prior to 2.60
  • HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers – Prior to 1.30

BACKGROUND

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference: CVE-2018-7101
V3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3 Base Score: 7.5
V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
V2 Base Score: 7.1

Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002

Hewlett Packard Enterprise would like to thank Matias Soler, working with Immunity Inc., for reporting this vulnerability to [email protected]

RESOLUTION

HPE has made the following software updates and mitigation information available to resolve the vulnerability in HPE Integrated Lights Out 4 and Integrated Lights Out 5. Please visit the HPE Support Center to download the updates:

https://support.hpe.com/hpesc/public/home

HISTORY

Version: 1 (rev.1) – 14 August 2018 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer’s patch management policy.

Founder of Smeretech.com. Sys Admin and IT Manager