iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote HP Integrated Lights-Out (iLO) server's web interface is
affected by multiple vulnerabilities.

Description :

According to its version number, the remote HP Integrated Lights-Out
(iLO) server is affected by the following vulnerabilities :

- An unspecified error exists that could allow cross-
site scripting attacks. (CVE-2013-4842 / SSRT101323)

- An unspecified error exists that could allow an
attacker to obtain sensitive information.
(CVE-2013-4843 / SSRT101326)

See also :

Solution :

For HP Integrated Lights-Out (iLO) 3 upgrade firmware to 1.65 or later.
For iLO 4, upgrade firmware to 1.32 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 71494 ()

Bugtraq ID: 63689

CVE ID: CVE-2013-4842

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now