iLO 2 < 2.27 / iLO 3 < 1.82 / iLO 4 < 2.10 Denial of Service Vulnerability

medium Nessus Plugin ID 122190

Synopsis

The remote HP Integrated Lights-Out (iLO) server's web interface is affected by a denial of service vulnerability.

Description

A denial of service (DoS) vulnerability exists in Integrated Lights-Out (iLO) due to an undisclosed vulnerability. An unauthenticated, remote attacker can exploit this issue to cause the application to stop responding.

Solution

For iLO 2, upgrade firmware to 2.27 or later. For iLO 3, upgrade firmware to 1.82 or later.
For iLO 4, upgrade firmware to 2.10 or later.

See Also

http://www.nessus.org/u?c250bedf

http://www.nessus.org/u?01654ca1

Plugin Details

Severity: Medium

ID: 122190

File Name: ilo_HPSSRT_101886.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 2/14/2019

Updated: 5/18/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2015-2106

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:hp:integrated_lights-out_firmware

Required KB Items: www/ilo, ilo/generation, ilo/firmware, ilo/cardtype

Exploit Ease: No known exploits are available

Patch Publication Date: 3/30/2015

Vulnerability Publication Date: 3/31/2015

Reference Information

CVE: CVE-2015-2106