iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote HP Integrated Lights-Out (iLO) server's web interface is
affected by multiple vulnerabilities.

Description :

According to its version number, the remote HP Integrated Lights-Out
(iLO) server is affected by the following vulnerabilities :

- An unspecified error exists that could allow
cross-site scripting attacks. (CVE-2013-4842 / SSRT101323)

- An unspecified error exists that could allow an
attacker to obtain sensitive information.
(CVE-2013-4843 / SSRT101326)

See also :

http://www.nessus.org/u?e54f666d

Solution :

For HP Integrated Lights-Out (iLO) 3, upgrade firmware to 1.65 or later.
For iLO 4, upgrade firmware to 1.32 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 71494

Bugtraq ID: 63689, 63691

CVE ID: CVE-2013-4842, CVE-2013-4843