PT-2022-19114 · Hewlett Packard · Hpe Integrated Lights-Out 5+1
Published
2022-07-28
·
Updated
2022-08-16
·
CVE-2022-28626
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71
Description
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware. A highly privileged user could locally exploit this vulnerability to execute arbitrary code, resulting in a complete loss of confidentiality, integrity, and availability. Exploitation of the vulnerabilities could potentially result in arbitrary code execution, denial of service (DoS), sensitive information disclosure, and unauthorized data modification.
Recommendations
For HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71, update the firmware to a version provided by HPE to resolve this vulnerability.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hpe Integrated Lights-Out 5
Hpe Ilo