CVE-2024-20906

Name of the Vulnerable Software and Affected Versions Oracle Integrated Lights Out Manager (ILOM) versions 3 through 5

Description The issue is related to insufficient input validation in the System Management component of Oracle Integrated Lights Out Manager (ILOM). This easily exploitable vulnerability allows a high-privileged attacker with network access via ICMP to compromise ILOM, potentially impacting additional products. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of ILOM's accessible data, as well as unauthorized read access to a subset of ILOM's accessible data.

Recommendations For versions 3 through 5, consider restricting access to the System Management component until a patch is available. As a temporary workaround, consider disabling remote access via ICMP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.