Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ILO_HPESBHF_04012.NASL
HistorySep 24, 2020 - 12:00 a.m.

HP iLO 3 < 1.93 / HP iLO 4 < 2.75 / HP iLO Superdome 4 < 1.64 / HP iLO 5 < 2.18 / HP Moonshot/Edgeline iLO 5 < 2.30 Ripple20 Multiple vulnerabilities

2020-09-2400:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
855

7.9 High

AI Score

Confidence

Low

JSON

Multiple security vulnerabilities have been identified in Integrated Lights-Out firmware generation 3 (iLO 3) prior to version 1.93, generation 4 (iLO 4) prior to version 2.75, and generation 5 (iLO 5) prior to version 2.18. Superdome generation 4 versions prior to 1.64 and Moonshot/Edgeline generation 5 versions prior to 2.30 are also vulnerable. The vulnerabilities could be remotely exploited to execute code, cause denial of service, and expose sensitive information.

Note: These vulnerabilities are collectively named Ripple20. iLO 3, iLO4, and iLO 5 are only exposed to a portion of the Ripple20 vulnerabilities.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(140770);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/20");

  script_cve_id(
    "CVE-2020-11896",
    "CVE-2020-11898",
    "CVE-2020-11900",
    "CVE-2020-11906",
    "CVE-2020-11907",
    "CVE-2020-11911",
    "CVE-2020-11912",
    "CVE-2020-11914"
  );
  script_xref(name:"HP", value:"HPESBHF04012");
  script_xref(name:"CEA-ID", value:"CEA-2020-0052");

  script_name(english:"HP iLO 3 < 1.93 / HP iLO 4 < 2.75 / HP iLO Superdome 4 < 1.64 / HP iLO 5 < 2.18 / HP Moonshot/Edgeline iLO 5 < 2.30 Ripple20 Multiple vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote HP Integrated Lights-Out server's web interface is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"Multiple security vulnerabilities have been identified in Integrated Lights-Out firmware generation 3 (iLO 3) prior
to version 1.93, generation 4 (iLO 4) prior to version 2.75, and generation 5 (iLO 5) prior to version 2.18. Superdome
generation 4 versions prior to 1.64 and Moonshot/Edgeline generation 5 versions prior to 2.30 are also vulnerable. The
vulnerabilities could be remotely exploited to execute code, cause denial of service, and expose sensitive information.

Note: These vulnerabilities are collectively named Ripple20. iLO 3, iLO4, and iLO 5 are only exposed to a portion of
the Ripple20 vulnerabilities.");
  # https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e67ddae");
  # https://support.hpe.com/hpesc/public/docDisplay?docId=a00106376en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c6c38e9e");
  script_set_attribute(attribute:"solution", value:
"Upgrade to HP iLO 3 firmware version 1.93 or later, iLO 4 firmware version 2.75 or later, or iLO 4 for Superdome version 1.64 or later, or HP iLO 5 firmware version 2.18 or HP Moonshot/Edgeline iLO 5 to version 2.30 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11896");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/08/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/24");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_4_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_5_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ilo_detect.nasl");
  script_require_keys("www/ilo", "ilo/generation", "ilo/firmware");
  script_require_ports("Services/www", 80);

  exit(0);
}

include('http.inc');
include('vcf.inc');
include('vcf_extras.inc');

var version = get_kb_item_or_exit('ilo/firmware');

# Each generation has its own series of firmware version numbers.
var generation = get_kb_item_or_exit('ilo/generation');

if (generation !~ "^[345]$") audit(AUDIT_HOST_NOT, "iLO generation 3/4/5");

var port = get_http_port(default:80, embedded: TRUE);
var app_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);

var constraint_gen4 = { 'generation' : '4', 'fixed_version' : '2.75' };
if (vcf::ilo::check_superdome())
{
  constraint_gen4 = { 'generation' : '4', 'fixed_version' : '1.64' };
}
var constraints = [
  { 'generation' : '3', 'fixed_version' : '1.93' },
  constraint_gen4,
  { 'generation' : '5', 'fixed_version' : '2.18' },
  {'moonshot': TRUE, 'generation' : '5', 'fixed_version' : '2.30'}
];

vcf::ilo::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
hpintegrated_lights-out_firmwarecpe:/o:hp:integrated_lights-out_firmware
hpintegrated_lights-out_3_firmwarecpe:/o:hp:integrated_lights-out_3_firmware
hpintegrated_lights-out_4_firmwarecpe:/o:hp:integrated_lights-out_4_firmware
hpintegrated_lights-out_5_firmwarecpe:/o:hp:integrated_lights-out_5_firmware

Related

hp 1
openvas 3
qualysblog 1
cisco 1
nessus 3
checkpoint_security 1
f5 1
ics 2
nvidia 1
attackerkb 1
thn 1
cert 1
threatpost 1
prion 8
cve 8
fortinet 1
githubexploit 1
trellix 2
lenovo 1
intel 1
hp
hp
HPSBPI03666 rev. 3 - Certain HP and Samsung-branded Print Products - Network Stack Potential Vulnerabilities
2020-06-16 00:00:00
openvas
openvas
HP Printers Multiple Vulnerabilities - Ripple20 (HPSBPI03666)
2020-06-24 00:00:00
Xerox Printers Multiple Vulnerabilities - Ripple20 (XRX20J)
2020-06-24 00:00:00
Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00295)
2020-06-17 00:00:00
qualysblog
qualysblog
Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack
2020-06-24 23:24:24
cisco
cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
2020-06-17 20:00:00
nessus
nessus
Treck TCP/IP stack multiple vulnerabilities. (Ripple20)
2020-06-22 00:00:00
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020 (cisco-sa-treck-ip-stack-JyBQ5GyC)
2020-08-12 00:00:00
ArubaOS-Switch Ripple20 Multiple Vulnerabilities (ARUBA-PSA-2020-006)
2021-06-30 00:00:00
checkpoint_security
checkpoint_security
Check Point Response to Ripple20 Vulnerabilities
2020-06-20 20:46:08
f5
f5
K17133899 : Multiple Treck TCP/IP stack vulnerabilities
2020-06-19 00:00:00
ics
ics
Treck TCP/IP Stack (Update H)
2022-03-17 12:00:00
Siemens SIMATIC RTLS Gateways
2024-02-15 12:00:00
nvidia
nvidia
Security Notice: NVIDIA Response to Ripple20 - June 2020
2020-06-22 00:00:00
attackerkb
attackerkb
Ripple20 Treck TCP/IP Stack Vulnerabilities
2020-12-21 00:00:00
thn
thn
New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking
2020-06-16 13:00:00
cert
cert
Treck IP stacks contain multiple vulnerabilities
2020-06-16 00:00:00
threatpost
threatpost
'Ripple20' Bugs Impact Hundreds of Millions of Connected Devices
2020-06-16 16:22:09
prion
prion
Double free
2020-06-17 11:15:00
Remote code execution
2020-06-17 11:15:00
Design/Logic Flaw
2020-06-17 11:15:00
cve
cve
CVE-2020-11900
2020-06-17 11:15:00
CVE-2020-11906
2020-06-17 11:15:00
CVE-2020-11898
2020-06-17 11:15:00
fortinet
fortinet
Ripple20 - Critical Vulnerabilities in low-level TCP/IP software library developed by Treck
2020-07-30 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Treck Tcp\/Ip
2020-07-21 03:38:31
trellix
trellix
Ripple20 Critical Vulnerabilities – Detection Logic and Signatures
2020-08-05 00:00:00
Ripple20 Critical Vulnerabilities – Detection Logic and Signatures
2020-08-05 00:00:00
lenovo
lenovo
Intel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support US
2020-06-04 20:27:57
intel
intel
2020.1 IPU – Intel® CSME, SPS, TXE, AMT, ISM and DAL Advisory
2020-06-18 00:00:00

7.9 High

AI Score

Confidence

Low

JSON
Related for ILO_HPESBHF_04012.NASL
hp1openvas3qualysblog1cisco1nessus3checkpoint_security1f51ics2nvidia1attackerkb1thn1cert1threatpost1prion8cve8fortinet1githubexploit1trellix2lenovo1intel1