HP Integrated Lights-Out Cryptographic Issues (CVE-2016-4379)

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. This plugin only...

EUVD-2016-5379

Malware in sbrugna...

EUVD-2011-4101

Malware in sbrugna...

EUVD-2017-4115

Malware in sbrugna...

CVE-2017-8987

A Unauthenticated Remote Denial of Service vulnerability was identified in HPE Integrated Lights-Out 3 iLO 3 version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions...

Bug in HP Remote Management Tool Leaves Servers Open to Attack

Hewlett Packard Enterprise has patched a vulnerability in its remote management hardware called Integrated Lights-Out 3 that is used in its popular line of HP ProLiant servers. The bug allows an attacker to launch an unauthenticated remote denial of service attack that could contribute to a...

Information disclosure

A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found...

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

Design/Logic Flaw

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack...

CVE-2016-4379

The CVE-2016-4379 entry is about HP Integrated Lights-Out 3 (iLO3) firmware pre-1.88, where the TLS implementation improperly uses a MAC protection mechanism with CBC padding, enabling a padding-oracle Vaudenay attack. This can allow an unauthenticated, remote attacker to disclose potentially sen...

[security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04197764 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04197764 Version: 1 HPSBHF02981 rev....

CVE-2013-4805

Unspecified vulnerability in HP Integrated Lights-Out 3 aka iLO3 firmware before 1.60 and 4 aka iLO4 firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors...

Authentication flaw

Unspecified vulnerability in HP Integrated Lights-Out 3 aka iLO3 firmware before 1.60 and 4 aka iLO4 firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors...

CVE-2013-4805

HP iLO3/ iLO4 authentication bypass vulnerability CVE-2013-4805 affects HP Integrated Lights-Out firmware: iLO3 prior to 1.60 and iLO4 prior to 1.30. The issue allows remote authentication bypass via unspecified vectors (CVSSv2 base score 9.0, HIGH). Public references and advisories (HP Security ...

Code injection

Unspecified vulnerability on HP Integrated Lights-Out 3 aka iLO3 cards with firmware before 1.57 and 4 aka iLO4 cards with firmware before 1.22, when Single-Sign-On SSO is used, allows remote attackers to execute arbitrary code via unknown vectors...

CVE-2013-2338

HP iLO3 and iLO4 remote code execution (CVE-2013-2338) affects iLO3 firmware prior to 1.57 and iLO4 firmware prior to 1.22 when Single-Sign-On is enabled. The vulnerability, described as an unspecified remote code execution via unknown vectors, has a CVSS v2 base score of 9.3 (HIGH) and requires ...

Code injection

Unspecified vulnerability on the HP Integrated Lights-Out 3 aka iLO3 with firmware before 1.50 and Integrated Lights-Out 4 aka iLO4 with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors...

CVE-2012-3271

Unspecified vulnerability on the HP Integrated Lights-Out 3 aka iLO3 with firmware before 1.50 and Integrated Lights-Out 4 aka iLO4 with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors...

CVE-2012-3271

HP iLO3 before 1.50 and iLO4 before 1.13 are affected by an unspecified information-disclosure vulnerability (CVE-2012-3271). Remote attackers could obtain sensitive information via unknown vectors. HP’s security bulletin and multiple vulnerability feeds attribute a CVSS v2 base score of 9.3 (HIG...

[security bulletin] HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03082006 Version: 1 HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access NOTICE: The information i...