CVE-2023-50272

7.5HIGH

Key Information

Vendor: HP
Status: HPE Integrated Lights-out 5 (iLO 5), HPE Integrated Lights-out 6 (iLO 6),
Vendor: CVE Published:; 19 December 2023

Summary

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.

Affected Version(s)

HPE Integrated Lights-out 5 (iLO 5), HPE Integrated Lights-out 6 (iLO 6), = iLO 5 - v2.63 through versions prior to v3.00

HPE Integrated Lights-out 5 (iLO 5), HPE Integrated Lights-out 6 (iLO 6), = iLO 6 - v1.05 through versions prior to v1.55

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Dec 19, 2023
Vulnerability Reserved.
Dec 6, 2023

Collectors

NVD DatabaseMitre Database