Local Code Execution and Denial of Service Vulnerability in HPE Integrated Lights-Out 5 Firmware
CVE-2022-28636

7.4 HIGH

Key Information:

Vendor: HP
CVE Published: 12 August 2022

Summary

A local vulnerability in HPE Integrated Lights-Out 5 (iLO 5) firmware versions before 2.71 allows an unprivileged local user to target an isolated process. Exploitation can lead to arbitrary code execution in that process, resulting in a total compromise of confidentiality, integrity, and availability within that process. An attacker can also trigger a denial of service, causing complete unavailability of the affected process. HPE has issued a firmware update to mitigate this risk.

Affected Version(s)

HPE Integrated Lights-Out 5 (iLO 5) Prior to 2.71

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
