iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities

Medium Nessus Plugin ID 71494

Synopsis

The remote HP Integrated Lights-Out (iLO) server's web interface is affected by multiple vulnerabilities.

Description

According to its version number, the remote HP Integrated Lights-Out (iLO) server is affected by the following vulnerabilities:

- An unspecified error exists that could allow cross-site scripting attacks. (CVE-2013-4842 / SSRT101323)

- An unspecified error exists that could allow an attacker to obtain sensitive information. (CVE-2013-4843 / SSRT101326)

Solution

For HP Integrated Lights-Out (iLO) 3, upgrade firmware to 1.65 or later. For iLO 4, upgrade firmware to 1.32 or later.

See Also

http://www.nessus.org/u?42aaace9

Plugin Details

Severity: Medium

ID: 71494

File Name: ilo_1_32__1_65.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 2013/12/17

Updated: 2018/11/28

Dependencies: 20285

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:hp:integrated_lights-out_firmware

Required KB Items: Settings/ParanoidReport, www/ilo, ilo/generation, ilo/firmware

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/11/12

Vulnerability Publication Date: 2013/11/12

Reference Information

CVE: CVE-2013-4842, CVE-2013-4843

BID: 63689, 63691

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990