Remote Code Execution Vulnerability in HP Integrated Lights-Out Firmware
CVE-2014-7876

Currently unrated

Key Information:

Vendor: HP
Status: Integrated Lights-out 2 Firmware; Integrated Lights-out Chassis Management Firmware; Integrated Lights-out 4 Firmware
Vendor: CVE Published:; 31 March 2015

Summary

An unspecified vulnerability exists in HP Integrated Lights-Out (iLO) firmware versions prior to 2.27 for iLO 2 and 2.03 for iLO 4, as well as in iLO Chassis Management firmware versions prior to 1.30. This vulnerability can be exploited remotely, allowing attackers to gain unauthorized privileges, execute arbitrary code, or trigger a denial of service. The attack vectors remain unknown, highlighting the necessity for users to apply the latest firmware updates to protect their systems.

References

http://www.securitytracker.com/id/1031972

vdb-entryx_refsource_SECTRACK

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 31, 2015
Vulnerability Reserved
Oct 6, 2014