PT-2022-19121 · Hewlett Packard · Hpe Integrated Lights-Out 5+1
Published
2022-07-28
·
Updated
2022-08-16
·
CVE-2022-28632
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71
Description
A potential arbitrary code execution and a denial of service (DoS) vulnerability were discovered in the firmware. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process, resulting in a complete loss of confidentiality, integrity, and availability within that process. Additionally, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process, resulting in a complete loss of availability within that process.
Recommendations
For versions prior to 2.71, update the firmware to the latest version provided by HPE to resolve the vulnerability.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hpe Integrated Lights-Out 5
Hpe Ilo