CVE-2022-28631

Name of the Vulnerable Software and Affected Versions HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71

Description A potential arbitrary code execution and a denial of service (DoS) vulnerability were discovered in the firmware. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process, resulting in a complete loss of confidentiality, integrity, and availability within that process. Additionally, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process, resulting in a complete loss of availability within that process.

Recommendations For versions prior to 2.71, update the firmware to the latest version provided by HPE to resolve the vulnerability. As a temporary workaround, consider restricting access to the isolated process to minimize the risk of exploitation.