PT-2018-17893 · Hewlett Packard · Hpe Integrated Lights-Out 5+4

Published

2018-06-26

Updated

2018-10-05

CVE-2018-7078

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions HPE Integrated Lights-Out 4 versions prior to v2.60 HPE Integrated Lights-Out 5 versions prior to v1.30 HPE iLO Moonshot versions prior to 2.55 HPE Moonshot iLO Chassis Manager versions prior to 1.58

Description A remote code execution issue was identified, allowing an administrative user to execute code remotely or locally. This could be exploited by an administrative user to gain unauthorized access.

Recommendations For HPE Integrated Lights-Out 4 versions prior to v2.60, update to version v2.60 or later. For HPE Integrated Lights-Out 5 versions prior to v1.30, update to version v1.30 or later. For HPE iLO Moonshot versions prior to 2.55, update to version 2.55 or later. For HPE Moonshot iLO Chassis Manager versions prior to 1.58, update to version 1.58 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-7078

Affected Products

Hpe Integrated Lights-Out 4

Hpe Integrated Lights-Out 5

Hpe Moonshot Ilo Chassis Manager

Hpe Ilo

Hpe Ilo Moonshot

PT-2018-17893 · Hewlett Packard · Hpe Integrated Lights-Out 5+4

CVE-2018-7078

Related Identifiers

Affected Products

References · 4