Local Code Execution Vulnerability in HPE Integrated Lights-Out 5 Firmware
CVE-2022-28629

7.8HIGH

Key Information:

Vendor: HP
Status: HP Integrated Lights-out 5 (ilo 5)
Vendor: CVE Published:; 12 August 2022

Summary

A local arbitrary code execution vulnerability in HPE Integrated Lights-Out 5 (iLO 5) allows low privileged users to execute malicious code on the system. This can lead to significant security risks, including unauthorized access to sensitive data and system resources. HPE has issued a firmware update to mitigate this risk, making it critical for users to upgrade to at least version 2.71 to protect their environments.

Affected Version(s)

HPE Integrated Lights-Out 5 (iLO 5) Prior to 2.71

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 12, 2022
Vulnerability Reserved
Apr 4, 2022