Remote Code Execution Vulnerability in HPE Integrated Lights-Out Products
CVE-2018-7078

7.2HIGH

Key Information:

Vendor: HP
Status: HP Integrated Lights-out 4 (ilo 4), HP Integrated Lights-out 5 (ilo 5)
Vendor: CVE Published:; 6 August 2018

What is CVE-2018-7078?

A remote code execution vulnerability exists in HPE Integrated Lights-Out (iLO) versions prior to v2.60 for iLO 4 and v1.30 for iLO 5. This flaw can allow an attacker to execute arbitrary code on the affected devices, which may compromise the security of the entire environment. Users are urged to update their iLO firmware to mitigate potential risks associated with this vulnerability.

Affected Version(s)

HPE Integrated Lights-Out 4 (iLO 4), HPE Integrated Lights-Out 5 (iLO 5) iLO 4 earlier than version v2.60, iLO 5 earlier than version v1.30

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041188

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2018
Vulnerability Reserved
Feb 15, 2018