Oracle Integrated Lights Out Manager Default Credentials

Critical Nessus Plugin ID 61646


The remote host is protected with a default password.


Nessus was able to log into the remote host with known default Integrated Lights Out Manager (ILOM) username and password credentials. A remote attacker can exploit this to gain administrative access.


Replace the default password with a strong password.

Plugin Details

Severity: Critical

ID: 61646

File Name: oracle_ilom_default_login.nbin

Version: $Revision: 1.151 $

Type: remote

Family: Misc.

Published: 2012/08/23

Modified: 2018/03/21

Dependencies: 61645, 10267, 55900, 45555

Risk Information

Risk Factor: Critical


CVSS v2

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:ND/RC:ND


CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:sun:embedded_lights_out_manager, cpe:/o:oracle:integrated_lights_out_manager_firmware

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: No exploit is required