CVE-2018-7105

🗓️ 27 Sep 2018 18:00:00Reported by hpeType

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2018-7105	13 Jul 202108:42	–	circl
CNVD	HPE Integrated Lights-Out 5 Arbitrary Code Execution Vulnerability	29 Sep 201800:00	–	cnvd
Cvelist	CVE-2018-7105	27 Sep 201818:00	–	cvelist
EUVD	EUVD-2018-18848	7 Oct 202500:30	–	euvd
Tenable Nessus	iLO 3 < 1.90 / iLO 4 < 2.61 / iLO 5 < 1.35 Remote Code Execution Vulnerability (HPESBHF03866)	27 Mar 202000:00	–	nessus
Tenable Nessus	HP Integrated Lights-Out Improper Input Validation (CVE-2018-7105)	13 Nov 202500:00	–	nessus
NVD	CVE-2018-7105	27 Sep 201818:29	–	nvd
OSV	CVE-2018-7105	27 Sep 201818:29	–	osv
Prion	Information disclosure	27 Sep 201818:29	–	prion

NVD

Node

hp integrated_lights-out_5_firmwareRange<1.35

AND

hp gen_10_serversMatch-

hp integrated_lights-outMatch-

Node

hp integrated_lights-out_3_firmwareRange<1.90

hp integrated_lights-out_4_firmwareRange<2.61

AND

hp integrated_lights-outMatch-

[
  {
    "product": "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers, HPE Integrated Lights-Out 4 (iLO 4), HPE Integrated Lights-Out 3 (iLO 3)",
    "vendor": "Hewlett Packard Enterprise",
    "versions": [
      {
        "status": "affected",
        "version": "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90"
      }
    ]
  }
]

Source	Link
support	www.support.hpe.com/hpsc/doc/public/display
securitytracker	www.securitytracker.com/id/1041649
securityfocus	www.securityfocus.com/bid/105425

21 Nov 2024 04:11Current

7.3High risk

Vulners AI Score7.3

CVSS 37.2

CVSS 29

EPSS0.01503