HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 – a authentication bypass and execution of code vulnerability was found « IT Solutions Technology Blog

HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 – a authentication bypass and execution of code vulnerability was found

HPE has provided software updates to resolve the vulnerability in HPE Integrated Lights-out 4 (iLO 4) please upgrade to HPE Integrated Lights-out 4 (iLO 4) firmware version hp-ilo-4-upgrade-2.54 or newer

Exploiting this vulnerability gives full access to the REST API allowing arbitrary accounts creation
curl -H „Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA“

This entry was posted on Sonntag, Juli 8th, 2018 at 14:07 and is filed under Administration, Healthcare Info, HPE Systems, Security Solution. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.