PT-2022-19116 · Hewlett Packard · HPE Integrated Lights-Out 5
Published 2022-07-28 · Updated 2022-08-16 · CVE-2022-28628
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71
Description
A local arbitrary code execution issue was discovered, allowing an unprivileged user to execute arbitrary code, resulting in a complete loss of confidentiality, integrity, and availability. This could lead to sensitive information disclosure, denial of service, and unauthorized data modification.
Recommendations
For versions prior to 2.71, update the firmware to resolve this issue.
As a temporary workaround, consider restricting access to the firmware until a patch is available.
Fix
Related Identifiers
Affected Products
HPE Integrated Lights-Out 5
HPE iLO