6/19/2023 0 Comments Hpe ilo vulnerability“An attacker who has already compromised a network can now can easily lock out an admin from fixing or mitigating against an attack,” said Tod Beardsley, Rapid7’s research director. It allows system administrators to remotely manage servers. The Hewlett-Packard iLO is an embedded server management technology for ProLiant servers that consists of a physical card with a separate network connection. iLO5 devices were not tested, according to a Rapid7 technical brief on the vulnerability written by Sam Huckins, the company’s program manager. Not impacted are newer versions of the firmware (1.8, 1.82, 1.85, and 1.87) along with firmware for iLO4 (v2.55). 22 and has made patches available.Īffected is the v1.88 firmware for HPE’s Integrated Lights-Out 3 (iLO3). The vulnerability (CVE-2017-8987) is rated “high severity”, with a CVSS base score of 8.6, and was discovered by Rapid7 researchers in September. The bug allows an attacker to launch an unauthenticated remote denial of service attack that could contribute to a crippling on vulnerable datacenters under some conditions. Hewlett Packard Enterprise has patched a vulnerability in its remote management hardware called Integrated Lights-Out 3 that is used in its popular line of HP ProLiant servers.
0 Comments
Leave a Reply. |