HP Integrated Lights-Out Information Disclosure (CVE-2018-7112)

medium Tenable OT Security Plugin ID 504408

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.securitytracker.com/id/1041984

http://www.nessus.org/u?b8e84743

http://www.nessus.org/u?edd33d46

http://www.nessus.org/u?bc7a6d4d

http://www.nessus.org/u?b4e0dabe

Plugin Details

Severity: Medium

ID: 504408

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 11/13/2025

Updated: 11/13/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2018-7112

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/o:hp:integrated_lights-out_4_firmware, cpe:/o:hp:integrated_lights-out_3_firmware, cpe:/o:hp:integrated_lights-out_2_firmware

Required KB Items: Tenable.ot/HP

Exploit Ease: No known exploits are available

Patch Publication Date: 12/3/2018

Vulnerability Publication Date: 12/3/2018

Reference Information

CVE: CVE-2018-7112