CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
28.5%
A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
Vendor | Product | Version | CPE |
---|---|---|---|
hpe | integrated_lights-out_5_firmware | * | cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:* |
hpe | apollo_2000_gen10_plus_system | - | cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:* |
hpe | apollo_4200_gen10_server | - | cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:* |
hpe | apollo_4510_gen10_system | - | cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:* |
hpe | apollo_6500_gen10_plus_system | - | cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:* |
hpe | apollo_6500_gen10_system | - | cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:* |
hpe | apollo_n2600_gen10_plus | - | cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:* |
hpe | apollo_n2800_gen10_plus | - | cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:* |
hpe | apollo_r2600_gen10 | - | cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:* |
hpe | apollo_r2800_gen10 | - | cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:* |