Local Arbitrary Code Execution in HPE Integrated Lights-Out 5 Firmware
CVE-2022-28630
7.3 HIGH
What is CVE-2022-28630?
A local arbitrary code execution vulnerability has been identified in the HPE Integrated Lights-Out 5 (iLO 5) firmware, specifically in versions prior to 2.71. This weakness allows an unprivileged user with local access to execute arbitrary code that can compromise confidentiality and integrity. Exploitation requires user interaction, and the consequences also include a substantial risk to system availability. HPE has released a firmware update to address this critical vulnerability. For more details, see the official HPE documentation.
Affected Version(s)
HPE Integrated Lights-Out 5 (iLO 5): prior to 2.71