TLS Vulnerability in HPE Integrated Lights-Out 3 Firmware
CVE-2016-4379
3.7 LOW
What is CVE-2016-4379?
The TLS implementation in HPE Integrated Lights-Out 3 firmware prior to version 1.88 does not properly apply a MAC protection mechanism in conjunction with CBC padding. This flaw allows remote attackers to conduct padding-oracle attacks, potentially exposing sensitive information. The attacks exploit weaknesses in how the product handles CBC padding, so organizations need to assess their deployments and update their firmware to mitigate the risk associated with this vulnerability.
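The weakness class described above, as an added example (not HPE's code; the advisory does not detail the firmware's exact flaw): a TLS-style CBC record check that reports padding and MAC failures differently, next to a hardened check that always computes the MAC and returns a single error. The record layout helper, key, and function names are constructed for illustration, and the block works on already-decrypted plaintext so no cipher is needed.

```python
import hashlib
import hmac

MAC_LEN = 32  # HMAC-SHA256 tag length (assumed for this illustration)

def make_record(key: bytes, data: bytes, block: int = 16) -> bytes:
    """Constructed TLS-style CBC plaintext: data || MAC || padding."""
    body = data + hmac.new(key, data, hashlib.sha256).digest()
    pad_len = block - 1 - (len(body) % block)  # value carried by every padding byte
    return body + bytes([pad_len]) * (pad_len + 1)

def _padding_ok(plaintext: bytes) -> bool:
    if not plaintext:
        return False
    total = plaintext[-1] + 1  # padding bytes plus the length byte
    return (total + MAC_LEN <= len(plaintext)
            and plaintext[-total:] == bytes([plaintext[-1]]) * total)

def _mac_ok(key: bytes, body: bytes) -> bool:
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest())

def check_leaky(key: bytes, plaintext: bytes) -> str:
    """Weak pattern: padding failure is reported before, and differently from, MAC failure."""
    if not _padding_ok(plaintext):
        return "bad_padding"  # distinguishable outcome: this is the oracle
    body = plaintext[:-(plaintext[-1] + 1)]
    return "ok" if _mac_ok(key, body) else "bad_mac"

def check_uniform(key: bytes, plaintext: bytes) -> str:
    """Hardened pattern: the MAC is always computed and every failure looks the same."""
    pad_ok = _padding_ok(plaintext)
    strip = plaintext[-1] + 1 if pad_ok else 0  # bad padding: assume a zero-length pad
    mac_ok = _mac_ok(key, plaintext[:len(plaintext) - strip])
    return "ok" if (pad_ok and mac_ok) else "bad_record_mac"

if __name__ == "__main__":
    key = b"k" * 32                                       # constructed key
    good = make_record(key, b"hello")
    bad_pad = good[:-1] + bytes([good[-1] ^ 1])           # corrupt the padding length byte
    bad_mac = bytes([good[0] ^ 1]) + good[1:]             # corrupt the payload
    for name, rec in (("good", good), ("bad_pad", bad_pad), ("bad_mac", bad_mac)):
        print(name, check_leaky(key, rec), check_uniform(key, rec))
```

The zero-length-pad handling follows the guidance in RFC 5246 section 6.2.3.2, which notes that a small timing channel can still remain.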