Remote Code Execution Vulnerability in HP Integrated Lights-Out 3 and 4
CVE-2013-2338

Currently unrated

Key Information:

Vendor: HP
Status: Integrated Lights-out 3 Firmware
Vendor: CVE Published:; 14 June 2013

What is CVE-2013-2338?

An unspecified vulnerability in HP Integrated Lights-Out 3 (iLO3) and iLO4 firmware prior to versions 1.57 and 1.22 respectively, poses a security risk that allows attackers to remotely execute arbitrary code. This vulnerability manifests when Single-Sign-On (SSO) functionality is utilized, thus potentially compromising server management systems and sensitive operations.

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

EPSS Score

26% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 14, 2013