Remote Information Disclosure Vulnerability in HPE Moonshot Remote Console Administrator
CVE-2017-12543

6.5MEDIUM

Key Information:

Vendor: HP
Status: Integrated Lights-out 4
Vendor: CVE Published:; 15 February 2018

Summary

A vulnerability exists in the HPE Moonshot Remote Console Administrator and specific iLO versions that allows remote attackers to disclose sensitive information. This risk affects multiple versions, emphasizing the importance of upgrading to the latest security patches to protect against unauthorized data exposure.

Affected Version(s)

Integrated Lights-Out 4 Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30

References

https://support.hpe.com/hpsc/doc/public/display?docId=emr...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101944

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2018
Vulnerability Reserved
Aug 5, 2017