Local Code Execution and Denial of Service in HPE Integrated Lights-Out 5 Firmware
CVE-2022-28635
7.4 HIGH
Summary
A vulnerability in the HPE Integrated Lights-Out 5 (iLO 5) firmware can be exploited locally by unprivileged users and can lead to arbitrary code execution and denial of service (DoS) within isolated processes. Successful exploitation can significantly compromise confidentiality, integrity, and availability, but only within the affected process. HPE provides a firmware update that mitigates the flaw; versions prior to 2.71 are affected.
Affected Version(s)
HPE Integrated Lights-Out 5 (iLO 5) Prior to 2.71
CVSS V3.1
Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged