HPE integrated Lights Out (iLO) Unspecified Flaw Lets Remote Users Bypass Authentication and Execute Arbitrary Code



SecurityTracker Alert ID: 1039222

SecurityTracker URL: http://securitytracker.com/id/1039222

CVE Reference: CVE-2017-12542

Date: Aug 24 2017



Fix Available: Yes

Vendor Confirmed: Yes



Version(s): iLO 4, prior to 2.53



Description: A vulnerability was reported in HPE integrated Lights Out (iLO). A remote user can bypass authentication and execute arbitrary code on the target system.



No details were provided.



Fabien Perigaud of Airbus Defense and Space CyberSecurity reported this vulnerability.



Impact: A remote user can bypass authentication on the target system.



A remote user can execute arbitrary code on the target system.



Solution: HPE has issued a fix (iLO 4; firmware version 2.53).



The HPE advisory is available at:



http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769en_us



Vendor URL: h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769en_us







Message History: None.






