CVE-2022-28629

Name of the Vulnerable Software and Affected Versions HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71

Description A local arbitrary code execution issue was discovered, allowing a low privileged user to execute arbitrary code, resulting in a complete loss of confidentiality, integrity, and availability. This could lead to sensitive information disclosure, denial of service, and unauthorized data modification.

Recommendations For versions prior to 2.71, update the firmware to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the firmware until a patch is applied.