
HP Integrated Lights-Out Information Disclosure (CVE-2018-7112)

🗓️ 13 Nov 2025 00:00:00 · Reported by Tenable · Type: nessus · 🔗 www.tenable.com

The HPE-provided Windows firmware installer for Gen6–Gen9 servers allows local disclosure of privileged information; fixed in updated system ROM and iLO firmware releases.

Reporter | Title | Published | Family
CNVD | HPE Windows Firmware Information Disclosure Vulnerability | 10 Dec 2018 00:00 | cnvd
CVE | CVE-2018-7112 | 3 Dec 2018 15:00 | cve
Cvelist | CVE-2018-7112 | 3 Dec 2018 15:00 | cvelist
EUVD | EUVD-2018-18855 | 7 Oct 2025 00:30 | euvd
NVD | CVE-2018-7112 | 3 Dec 2018 15:29 | nvd
Prion | Design/Logic Flaw | 3 Dec 2018 15:29 | prion
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Registration block: when the script is loaded with `description` set, only
# the plugin metadata below is recorded and the script stops at the exit(0)
# that closes this block, before any of the detection code further down runs.
if (description)
{
  script_id(504408);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/13");

  script_cve_id("CVE-2018-7112");

  script_name(english:"HP Integrated Lights-Out Information Disclosure (CVE-2018-7112)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # NOTE(review): per the text below, the flaw is in the HPE-provided Windows
  # firmware installer and the updated installer shipped in both system ROM
  # and iLO releases. The check in this script only looks at iLO firmware
  # CPEs, so a finding indicates an iLO firmware level older than the fixed
  # releases; whether the host was remediated through a system ROM update is
  # not visible to this plugin and should be confirmed during triage.
  script_set_attribute(attribute:"description", value:
"The HPE-provided Windows firmware installer for certain Gen9, Gen8,
G7,and G6 HPE servers allows local disclosure of privileged
information. This issue was resolved in previously provided firmware
updates as follows. The HPE Windows firmware installer was updated in
the system ROM updates which also addressed the original
Spectre/Meltdown set of vulnerabilities. At that time, the Windows
firmware installer was also updated in the versions of HPE Integrated
Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security
bulletin. The updated HPE Windows firmware installer was released in
the system ROM and HPE Integrated Lights-Out (iLO) releases documented
in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835,
HPESBHF03831. Windows-based systems that have already been updated to
the system ROM or iLO versions described in these security bulletins
require no further action.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # References. Each nessus.org/u?... short link is preceded by a comment
  # giving the HPE bulletin URL it stands for. Three of the four bulletins
  # (03805, 03831, 03835) are the ones named in the description text; the
  # fourth (03869) is not named there - presumably the bulletin issued for
  # this CVE itself; confirm against the vendor site.
  # NOTE(review): the securitytracker and nessus.org links are plain http://.
  script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1041984");
  # https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b8e84743");
  # https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?edd33d46");
  # https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bc7a6d4d");
  # https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b4e0dabe");
  # NOTE(review): the solution text is generic. The version ceilings the check
  # actually applies are in the detection code of this script (iLO 2 below
  # 2.33, iLO 3 below 1.90, iLO 4 below 2.60); readers of a finding have to
  # combine those with the bulletins above to get a concrete upgrade target.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Both vectors describe a local attack (AV:L) with confidentiality-only
  # impact (no integrity or availability component). The v2 vector requires
  # no authentication (Au:N) while the v3 vector requires low privileges (PR:L).
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7112");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/13");

  # NOTE(review): plugin_type is "remote" although the CVSS vectors above are
  # local. Presumably this reflects how the data is obtained (asset inventory
  # from the Tenable.ot integration rather than a check run on the host) -
  # confirm; it does not mean the flaw is remotely reachable.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Only iLO 2/3/4 firmware CPEs are declared; no system ROM CPE is listed.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_4_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Information-gathering category, in the Tenable.ot plugin family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling preconditions: tenable_ot_api_integration.nasl is declared as a
  # dependency, and the knowledge-base key 'Tenable.ot/HP' is required.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/HP");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Stop here unless the knowledge base holds the 'Tenable.ot/HP' key.
get_kb_item_or_exit('Tenable.ot/HP');

# Asset record for the HP device, as supplied by the Tenable.ot helper library.
var hp_asset = tenable_ot::assets::get(vendor:'HP');

# Affected-product table handed to the comparison helper: one entry per iLO
# generation, keyed by firmware CPE.
# NOTE(review): "versionEndExcluding" presumably follows the NVD convention
# (versions strictly below the value are affected, the value itself is not);
# the helper is defined in tenable_ot_cve_funcs.inc - confirm there.
#
# Triage caveat: this is a version-only inference. CVE-2018-7112 concerns the
# HPE Windows firmware installer and is scored with a local attack vector; a
# match means the asset reports iLO firmware older than the listed release,
# not that privileged information was actually exposed. Nothing in this script
# inspects the system ROM level, which the plugin description names as an
# alternative delivery path for the fix.
var affected_cpes = {
  "cpe:/o:hp:integrated_lights-out_2_firmware" : {"versionEndExcluding" : "2.33", "family" : "ILO"},
  "cpe:/o:hp:integrated_lights-out_3_firmware" : {"versionEndExcluding" : "1.90", "family" : "ILO"},
  "cpe:/o:hp:integrated_lights-out_4_firmware" : {"versionEndExcluding" : "2.60", "family" : "ILO"}
};

# Compare the asset against the table and report matches at SECURITY_WARNING.
tenable_ot::cve::compare_and_report(
  asset:hp_asset,
  cpes:affected_cpes,
  severity:SECURITY_WARNING
);
