CVE-2022-28636

Name of the Vulnerable Software and Affected Versions HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71

Description A potential local arbitrary code execution and a local denial of service (DoS) vulnerability were discovered in the firmware. An unprivileged user could locally exploit this issue to potentially execute arbitrary code in an isolated process, resulting in a complete loss of confidentiality, integrity, and availability within that process. Additionally, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process, resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attacker's control.

Recommendations For HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71, update the firmware to version 2.71 or later to resolve the issue.