Lucene search

HpeCVE-2018-7105

HistorySep 27, 2018 - 6:29 p.m.

CVE-2018-7105

2018-09-2718:29:00

hpe

web.nvd.nist.gov

105

hpe

integrated lights-out

ilo

security vulnerability

remote exploitation

arbitrary code execution

information disclosure

cve-2018-7105

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.005

Percentile

77.4%

JSON

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information.

Affected configurations

Nvd

Node

hpintegrated_lights-out_5_firmwareRange<1.35

AND

hpgen_10_serversMatch-

hpintegrated_lights-outMatch-

Node

hpintegrated_lights-out_3_firmwareRange<1.90

hpintegrated_lights-out_4_firmwareRange<2.61

AND

hpintegrated_lights-outMatch-

VendorProductVersionCPE
hpintegrated_lights-out_5_firmware*cpe:2.3:o:hp:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*
hpgen_10_servers-cpe:2.3:h:hp:gen_10_servers:-:*:*:*:*:*:*:*
hpintegrated_lights-out-cpe:2.3:h:hp:integrated_lights-out:-:*:*:*:*:*:*:*
hpintegrated_lights-out_3_firmware*cpe:2.3:o:hp:integrated_lights-out_3_firmware:*:*:*:*:*:*:*:*
hpintegrated_lights-out_4_firmware*cpe:2.3:o:hp:integrated_lights-out_4_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	integrated_lights-out_5_firmware	*	cpe:2.3:o:hp:integrated_lights-out_5_firmware::::::::
hp	gen_10_servers	-	cpe:2.3:h:hp:gen_10_servers:-:::::::*
hp	integrated_lights-out	-	cpe:2.3:h:hp:integrated_lights-out:-:::::::*
hp	integrated_lights-out_3_firmware	*	cpe:2.3:o:hp:integrated_lights-out_3_firmware::::::::
hp	integrated_lights-out_4_firmware	*	cpe:2.3:o:hp:integrated_lights-out_4_firmware::::::::

CNA Affected

[
  {
    "product": "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers, HPE Integrated Lights-Out 4 (iLO 4), HPE Integrated Lights-Out 3 (iLO 3)",
    "vendor": "Hewlett Packard Enterprise",
    "versions": [
      {
        "status": "affected",
        "version": "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105425

www.securitytracker.com/id/1041649

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03866en_us

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.005

Percentile

77.4%

JSON

Related for CVE-2018-7105