Remote Buffer Overflow Vulnerability in HPE Integrated Lights-Out 4 and 5
CVE-2019-11983

7HIGH

Key Information:

Vendor: HP
Status: HPe Ilo4 And HPe Ilo5
Vendor: CVE Published:; 5 June 2019

Summary

A remote buffer overflow vulnerability affects earlier versions of HPE Integrated Lights-Out 4 for Gen9 servers and HPE Integrated Lights-Out 5 for Gen10 servers. If exploited, this vulnerability could allow an attacker to execute arbitrary code remotely, potentially compromising the security and integrity of the servers. It is crucial for users to update to the latest versions to mitigate this risk.

Affected Version(s)

HPE iLO4 and HPE iLO5 iLO4 prior to v2.61b and iLO5 prior to v1.39

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 5, 2019
Vulnerability Reserved
May 13, 2019