PT-2022-19119 · Hewlett Packard · Hpe Integrated Lights-Out 5 +1

Published: 2022-07-28 · Updated: 2022-08-16 · CVE-2022-28630

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71

Description

A local arbitrary code execution issue was discovered, allowing an unprivileged user to execute arbitrary code, resulting in a complete loss of confidentiality and integrity, and a partial loss of availability. User interaction is required to exploit this issue. Additionally, multiple local and adjacent security issues have been identified, which could potentially result in arbitrary code execution, denial of service (DoS), sensitive information disclosure, and unauthorized data modification.

Recommendations

For versions prior to 2.71, update the firmware to the latest version provided by HPE to resolve the issue. As a temporary workaround, consider restricting user interaction with the vulnerable firmware until a patch is applied.

Fix

Related Identifiers

CVE-2022-28630

Affected Products

Hpe Integrated Lights-Out 5
Hpe Ilo