iLO 3 < 1.57 / iLO 4 < 1.22 Unspecified Arbitrary Code Execution

Critical | Nessus Plugin ID 69554

Synopsis

The remote HP Integrated Lights-Out (iLO) server's web interface is affected by a remote code execution vulnerability.

Description

According to its version number and single sign-on settings, the remote HP Integrated Lights-Out (iLO) server is affected by an arbitrary code execution vulnerability in its web interface.

Solution

For HP Integrated Lights-Out (iLO) 3, disable single sign-on or upgrade firmware to 1.57 or later. For iLO 4, disable single sign-on or upgrade firmware to 1.22 or later.

See Also

http://www.nessus.org/u?69c1ba3e

Plugin Details

Severity: Critical

ID: 69554

File Name: ilo_sso_unauth_access.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 9/3/2013

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-2338

Vulnerability Information

CPE: cpe:/o:hp:integrated_lights-out_3_firmware, cpe:/o:hp:integrated_lights-out_4_firmware

Required KB Items: Settings/ParanoidReport, www/ilo, ilo/generation, ilo/firmware

Exploit Ease: No known exploits are available

Patch Publication Date: 6/17/2013

Vulnerability Publication Date: 6/11/2013

Reference Information

CVE: CVE-2013-2338

BID: 60480