HPE Integrated Lights Out 2 Multiple Remote Vulnerabilities
Multiple vulnerabilities in HPE Integrated Lights-Out 2 (iLO2) firmware could allow an unauthenticated, remote attacker to execute arbitrary code, bypass authentication, or cause a denial of service (DoS) condition on a targeted system.
The vulnerabilities are due to an unspecified condition that exists in the affected firmware. An attacker could exploit these vulnerabilities to execute arbitrary code, bypass authentication, or cause a DoS condition on a targeted system. A successful exploit could result in a complete system compromise.
HPE has confirmed these vulnerabilities and released software updates.
Limited details are available to describe these vulnerabilities. However, a successful exploit of these vulnerabilities may result in a complete system compromise.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators are advised to monitor affected systems.
HPE has released a security bulletin at the following link: HPESBHF03797
HPE has released updated firmware at the following link: iLO2 version 2.31
Affected Products
HP Integrated Lights Out 2 (iLO-2) firmware – 2.29 (Base)

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.