HPE Integrated Lights Out 2 Multiple Remote Vulnerabilities

Multiple vulnerabilities in HPE Integrated Lights-Out 2 (iLO2) firmware could allow an unauthenticated, remote attacker to execute arbitrary code, bypass authentication, or cause a denial of service (DoS) condition on a targeted system.

The vulnerabilities are due to an unspecified condition that exists in the affected firmware. An attacker could exploit these vulnerabilities to execute arbitrary code, bypass authentication, or cause a DoS condition on a targeted system. A successful exploit could result in a complete system compromise.

HPE has confirmed these vulnerabilities and released software updates.

Analysis
  • Limited details are available to describe these vulnerabilities. However, a successful exploit of these vulnerabilities may result in a complete system compromise.
Safeguards
  • Administrators are advised to apply the appropriate updates.
  • Administrators are advised to allow only trusted users to have network access.
  • Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
  • Administrators are advised to monitor affected systems.

Vendor Announcements
  • HPE has released a security bulletin at the following link: HPESBHF03797
Fixed Software

Affected Products

HP Integrated Lights Out 2 (iLO-2) firmware – 2.29 (Base)




Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
