Local Data Modification and Disclosure Vulnerability in HPE Integrated Lights-Out 5 Firmware
CVE-2022-28633
7.3HIGH
What is CVE-2022-28633?
A vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) firmware versions prior to 2.71, allowing an unprivileged user to exploit local access. This flaw enables attackers to read and write to the iLO 5 firmware file system, leading to a complete loss of confidentiality and a partial loss of integrity and availability of the system. HPE has issued a firmware update to address this critical issue and mitigate the associated risks.
Affected Version(s)
HPE Integrated Lights-Out 5 (iLO 5) Prior to 2.71