iLO 4 < 2.60 / iLO 5 < 1.30 Multiple Vulnerabilities
Severity: High
Nessus Plugin ID: 122032
Synopsis
The remote HP Integrated Lights-Out (iLO) server's web interface is
affected by multiple vulnerabilities.
Description
According to its version number, the remote HP Integrated Lights-Out
(iLO) server is affected by multiple vulnerabilities:
- A remote command execution vulnerability exists in the HP Integrated
Lights-Out (iLO) server for an unspecified reason. An unauthenticated,
remote attacker can exploit this to bypass authentication and execute
arbitrary commands on the server (CVE-2018-7078).
- A denial of service (DoS) vulnerability exists in the HP Integrated
Lights-Out (iLO) server for an unspecified reason. An unauthenticated,
remote attacker can exploit this issue to cause the application to stop
responding (CVE-2018-7101).
Solution
For HP Integrated Lights-Out (iLO) 4, upgrade firmware to 2.60 or later.
For iLO 5, upgrade firmware to 1.30 or later.