Lucene search
HpeCVE-2022-28637HistorySep 20, 2022 - 9:15 p.m.
CVE-2022-28637
2022-09-2021:15:10
hpe
web.nvd.nist.gov
29
2
cve-2022-28637
denial of service
code execution
vulnerability
hpe ilo 5
firmware update
security guidance
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0
Percentile
5.1%
A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.
Affected configurations
Node
hpeintegrated_lights-out_5_firmwareRange<2.72
hpapollo_4200_gen10_serverMatch-
ORhpapollo_4500Match-
ORhpapollo_r2000_chassisMatch-
ORhpeapollo_2000_gen10_plus_systemMatch-
ORhpeapollo_4200_gen10_plus_systemMatch-
ORhpeapollo_4510_gen10_systemMatch-
ORhpeapollo_6500_gen10_plusMatch-
ORhpeapollo_n2600_gen10_plusMatch-
ORhpeapollo_n2800_gen10_plusMatch-
ORhpeapollo_r2600_gen10Match-
ORhpeapollo_r2800_gen10Match-
ORhpeedgeline_e920_server_bladeMatch-
ORhpeedgeline_e920d_server_bladeMatch-
ORhpeedgeline_e920t_server_bladeMatch-
ORhpeintegrated_lights-out_5Match-
ORhpeproliant_bl460c_gen10_server_bladeMatch-
ORhpeproliant_dl110_gen10_plus_telco_serverMatch-
ORhpeproliant_dl160_gen10_serverMatch-
ORhpeproliant_dl180_gen10_serverMatch-
ORhpeproliant_dl20_gen10_plus_serverMatch-
ORhpeproliant_dl20_gen10_serverMatch-
ORhpeproliant_dl325_gen10_plus_serverMatch-
ORhpeproliant_dl325_gen10_plus_v2_serverMatch-
ORhpeproliant_dl325_gen10_serverMatch-
ORhpeproliant_dl345_gen10_plus_serverMatch-
ORhpeproliant_dl360_gen10_plus_serverMatch-
ORhpeproliant_dl360_gen10_serverMatch-
ORhpeproliant_dl365_gen10_plus_serverMatch-
ORhpeproliant_dl380_gen10_plus_serverMatch-
ORhpeproliant_dl380_gen10_serverMatch-
ORhpeproliant_dl385_gen10_plus_serverMatch-
ORhpeproliant_dl385_gen10_plus_v2_serverMatch-
ORhpeproliant_dl385_gen10_serverMatch-
ORhpeproliant_dl560_gen10_serverMatch-
ORhpeproliant_dl580_gen10_serverMatch-
ORhpeproliant_dx170r_gen10_serverMatch-
ORhpeproliant_dx190r_gen10_serverMatch-
ORhpeproliant_dx220n_gen10_plus_serverMatch-
ORhpeproliant_dx325_gen10_plus_v2_serverMatch-
ORhpeproliant_dx360_gen10_plus_serverMatch-
ORhpeproliant_dx360_gen10_serverMatch-
ORhpeproliant_dx380_gen10_plus_serverMatch-
ORhpeproliant_dx380_gen10_serverMatch-
ORhpeproliant_dx385_gen10_plus_serverMatch-
ORhpeproliant_dx385_gen10_plus_v2_serverMatch-
ORhpeproliant_dx4200_gen10_serverMatch-
ORhpeproliant_dx560_gen10_serverMatch-
ORhpeproliant_e910_server_bladeMatch-
ORhpeproliant_e910t_server_bladeMatch-
ORhpeproliant_m750_server_bladeMatch-
ORhpeproliant_microserver_gen10_plusMatch-
ORhpeproliant_ml110_gen10_serverMatch-
ORhpeproliant_ml30_gen10_plus_serverMatch-
ORhpeproliant_ml30_gen10_serverMatch-
ORhpeproliant_ml350_gen10_serverMatch-
ORhpeproliant_xl170r_gen10_serverMatch-
ORhpeproliant_xl190r_gen10_serverMatch-
ORhpeproliant_xl220n_gen10_plus_serverMatch-
ORhpeproliant_xl225n_gen10_plus_1u_nodeMatch-
ORhpeproliant_xl230k_gen10_serverMatch-
ORhpeproliant_xl270d_gen10_serverMatch-
ORhpeproliant_xl290n_gen10_plus_serverMatch-
ORhpeproliant_xl420_gen10_serverMatch-
ORhpeproliant_xl450_gen10_serverMatch-
ORhpeproliant_xl645d_gen10_plus_serverMatch-
ORhpeproliant_xl675d_gen10_plus_serverMatch-
ORhpeproliant_xl925g_gen10_plus_1u_4-node_configure-to-order_serverMatch-
ORhpestorage_file_controllerMatch-
ORhpestorage_performance_file_controllerMatch-
ORhpestoreeasy_1460_storageMatch-
ORhpestoreeasy_1560_storageMatch-
ORhpestoreeasy_1660_expanded_storageMatch-
ORhpestoreeasy_1660_performance_storageMatch-
ORhpestoreeasy_1660_storageMatch-
ORhpestoreeasy_1860_performance_storageMatch-
ORhpestoreeasy_1860_storageMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hpe | integrated_lights-out_5_firmware | * | cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:* |
| hp | apollo_4200_gen10_server | - | cpe:2.3:h:hp:apollo_4200_gen10_server:-:*:*:*:*:*:*:* |
| hp | apollo_4500 | - | cpe:2.3:h:hp:apollo_4500:-:*:*:*:*:*:*:* |
| hp | apollo_r2000_chassis | - | cpe:2.3:h:hp:apollo_r2000_chassis:-:*:*:*:*:*:*:* |
| hpe | apollo_2000_gen10_plus_system | - | cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:* |
| hpe | apollo_4200_gen10_plus_system | - | cpe:2.3:h:hpe:apollo_4200_gen10_plus_system:-:*:*:*:*:*:*:* |
| hpe | apollo_4510_gen10_system | - | cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:* |
| hpe | apollo_6500_gen10_plus | - | cpe:2.3:h:hpe:apollo_6500_gen10_plus:-:*:*:*:*:*:*:* |
| hpe | apollo_n2600_gen10_plus | - | cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:* |
| hpe | apollo_n2800_gen10_plus | - | cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.72"
},
{
"status": "affected",
"version": "unspecified"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2022-28637
2022-09-20 20:07:13
prion
prion
Remote code execution
2022-09-20 21:15:00
nvd
nvd
CVE-2022-28637
2022-09-20 21:15:10
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0
Percentile
5.1%
Related for CVE-2022-28637