Lucene search

[email protected]CVE-2018-7093

HistoryAug 14, 2018 - 2:29 p.m.

CVE-2018-7093

2018-08-1414:29:00

[email protected]

web.nvd.nist.gov

security

vulnerability

hpe

integrated lights-out

ilo

moonshot

firmware

denial of service

nvd

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.2 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

37.3%

JSON

A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service.

Affected configurations

NVD

Node

hpintegrated_lights-out_3_firmwareRange<1.90

hpintegrated_lights-out_4_firmwareRange<2.60

hpintegrated_lights-out_5_firmwareRange<1.30

hpmoonshot_chassis_manager_firmwareRange<1.58

AND

hpintegrated_lights-outMatch-

Node

hpmoonshot_component_pack_firmwareRange<2.55

AND

hpmoonshot_component_packMatch-

CPENameOperatorVersion
hp:integrated_lights-out_3_firmwarehp integrated lights-out 3 firmwarelt1.90
hp:integrated_lights-out_4_firmwarehp integrated lights-out 4 firmwarelt2.60
hp:integrated_lights-out_5_firmwarehp integrated lights-out 5 firmwarelt1.30
hp:moonshot_chassis_manager_firmwarehp moonshot chassis manager firmwarelt1.58

CPE	Name	Operator	Version
hp:integrated_lights-out_3_firmware	hp integrated lights-out 3 firmware	lt	1.90
hp:integrated_lights-out_4_firmware	hp integrated lights-out 4 firmware	lt	2.60
hp:integrated_lights-out_5_firmware	hp integrated lights-out 5 firmware	lt	1.30
hp:moonshot_chassis_manager_firmware	hp moonshot chassis manager firmware	lt	1.58

CNA Affected

[
  {
    "product": "iLO 5 for HPE Gen10 Servers, iLO 4, iLO 3, Moonshot Chassis Management Firmware, Moonshot Component Packs for HPE ProLiant m510 and m710x server cartridges",
    "vendor": "Hewlett Packard Enterprise",
    "versions": [
      {
        "status": "affected",
        "version": "iLO 5 for HPE Gen10 Servers - Prior to v1.30, iLO 4 - Prior to v2.60, iLO 3 - Prior to v1.90, Moonshot Chassis Management Firmware - Prior to 1.58, Moonshot Component Packs - Prior to 2.55 for HPE ProLiant m510 and m710x server cartridges"
      }
    ]
  }
]

References

www.securitytracker.com/id/1041435

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.2 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

37.3%

JSON

Related for CVE-2018-7093

cvelist1 nvd1 prion1