iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities

medium Nessus Plugin ID 71494

Synopsis

The remote HP Integrated Lights-Out (iLO) server's web interface is affected by multiple vulnerabilities.

Description

According to its version number, the remote HP Integrated Lights-Out (iLO) server is affected by the following vulnerabilities:

- An unspecified error exists that could allow cross-site scripting attacks. (CVE-2013-4842 / SSRT101323)

- An unspecified error exists that could allow an attacker to obtain sensitive information. (CVE-2013-4843 / SSRT101326)

Solution

For HP Integrated Lights-Out (iLO) 3, upgrade firmware to 1.65 or later. For iLO 4, upgrade firmware to 1.32 or later.

See Also

http://www.nessus.org/u?42aaace9

Plugin Details

Severity: Medium

ID: 71494

File Name: ilo_1_32__1_65.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 12/17/2013

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/o:hp:integrated_lights-out_firmware

Required KB Items: Settings/ParanoidReport, www/ilo, ilo/generation, ilo/firmware

Exploit Ease: No known exploits are available

Patch Publication Date: 11/12/2013

Vulnerability Publication Date: 11/12/2013

Reference Information

CVE: CVE-2013-4842, CVE-2013-4843

BID: 63689, 63691

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990