All the vulnerabilites related to hp - integrated_lights-out_firmware
cve-2015-5436
Vulnerability from cvelistv5
Published
2017-05-11 14:01
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HP Integrated Lights-Out 4 (iLO 4) |
Version: firmware version 2.11 and later, but prior to version 2.30 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HP Integrated Lights-Out 4 (iLO 4) ",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "firmware version 2.11 and later, but prior to version 2.30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "emote Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-23T19:23:21",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-5436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HP Integrated Lights-Out 4 (iLO 4) ",
"version": {
"version_data": [
{
"version_value": "firmware version 2.11 and later, but prior to version 2.30"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "emote Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2015-5436",
"datePublished": "2017-05-11T14:01:00",
"dateReserved": "2015-07-07T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28092
Vulnerability from cvelistv5
Published
2023-05-01 14:10
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise (HPE) | HPE ProLiant RL300 Gen11 |
Version: System ROM v1.12, and HPE Integrated Lights-Out 6 (iLO 6) v1.05 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04472en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE ProLiant RL300 Gen11",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "System ROM v1.12, and HPE Integrated Lights-Out 6 (iLO 6) v1.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.\u003c/p\u003e"
}
],
"value": "A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-01T14:46:03.772Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04472en_us"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-28092",
"datePublished": "2023-05-01T14:10:19.471Z",
"dateReserved": "2023-03-10T14:47:44.212Z",
"dateUpdated": "2024-08-02T12:30:24.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4805
Vulnerability from cvelistv5
Published
2013-08-03 01:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/61556 | vdb-entry, x_refsource_BID | |
| http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348 | vendor-advisory, x_refsource_HP | |
| http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61556"
},
{
"name": "HPSBMU02902",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"
},
{
"name": "SSRT101250",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "61556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61556"
},
{
"name": "HPSBMU02902",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"
},
{
"name": "SSRT101250",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61556"
},
{
"name": "HPSBMU02902",
"refsource": "HP",
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"
},
{
"name": "SSRT101250",
"refsource": "HP",
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-4805",
"datePublished": "2013-08-03T01:00:00",
"dateReserved": "2013-07-12T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0525
Vulnerability from cvelistv5
Published
2004-06-08 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/10415 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16251 | vdb-entry, x_refsource_XF | |
| http://seclists.org/lists/bugtraq/2004/May/0281.html | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10415",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10415"
},
{
"name": "ilo-port-zero-dos(16251)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16251"
},
{
"name": "SSRT4724",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://seclists.org/lists/bugtraq/2004/May/0281.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10415",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10415"
},
{
"name": "ilo-port-zero-dos(16251)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16251"
},
{
"name": "SSRT4724",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://seclists.org/lists/bugtraq/2004/May/0281.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10415"
},
{
"name": "ilo-port-zero-dos(16251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16251"
},
{
"name": "SSRT4724",
"refsource": "HP",
"url": "http://seclists.org/lists/bugtraq/2004/May/0281.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0525",
"datePublished": "2004-06-08T04:00:00",
"dateReserved": "2004-06-03T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4843
Vulnerability from cvelistv5
Published
2013-11-16 02:00
Modified
2024-09-16 21:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804 | vendor-advisory, x_refsource_HP | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBHF02939",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"name": "SSRT101326",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-16T02:00:00Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBHF02939",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"name": "SSRT101326",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBHF02939",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"name": "SSRT101326",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-4843",
"datePublished": "2013-11-16T02:00:00Z",
"dateReserved": "2013-07-12T00:00:00Z",
"dateUpdated": "2024-09-16T21:08:14.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4842
Vulnerability from cvelistv5
Published
2013-11-16 02:00
Modified
2024-09-16 19:25
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804 | vendor-advisory, x_refsource_HP | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBHF02939",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"name": "SSRT101323",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-16T02:00:00Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBHF02939",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"name": "SSRT101323",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBHF02939",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"name": "SSRT101323",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-4842",
"datePublished": "2013-11-16T02:00:00Z",
"dateReserved": "2013-07-12T00:00:00Z",
"dateUpdated": "2024-09-16T19:25:11.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-05-01 15:15
Modified
2024-11-21 07:54
Severity ?
6.1 (Medium) - CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | integrated_lights-out_firmware | 1.05 | |
| hp | integrated_lights-out | 6 | |
| hp | proliant_rl300_firmware | 1.12 | |
| hp | proliant_rl300 | gen_11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "669BABDD-65EC-44AB-833C-AFF4224EB356",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:integrated_lights-out:6:*:*:*:*:*:*:*",
"matchCriteriaId": "F211ABF9-9617-43CF-9DC5-E46CB0518B7E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:proliant_rl300_firmware:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0CCE84C1-7EF8-4460-8417-A1A769933E41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:proliant_rl300:gen_11:*:*:*:*:*:*:*",
"matchCriteriaId": "4E35165C-B5B8-47E2-829C-AE0187F3BBE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.\n\n"
}
],
"id": "CVE-2023-28092",
"lastModified": "2024-11-21T07:54:23.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.3,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-01T15:15:09.357",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04472en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04472en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-18 03:55
Modified
2024-11-21 01:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | integrated_lights-out_firmware | * | |
| hp | integrated_lights-out_firmware | 1.10 | |
| hp | integrated_lights-out_firmware | 1.15 | |
| hp | integrated_lights-out_firmware | 1.15a | |
| hp | integrated_lights-out_firmware | 1.16a | |
| hp | integrated_lights-out_firmware | 1.20a | |
| hp | integrated_lights-out_firmware | 1.26a | |
| hp | integrated_lights-out_4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17EDFBC8-40D5-405F-9E53-45D39AFD06AF",
"versionEndIncluding": "1.27a",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B75737-F8DF-4467-87E6-B3D7D296AF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE41EB1-8AAE-40F8-A7C0-703283020F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.15a:*:*:*:*:*:*:*",
"matchCriteriaId": "223798D1-6965-4EBF-B731-0AADBC853752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.16a:*:*:*:*:*:*:*",
"matchCriteriaId": "03B3C027-295A-4E8D-AC99-89B1DBC9937E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.20a:*:*:*:*:*:*:*",
"matchCriteriaId": "859702BA-314B-4BC4-8CA6-1432E8831B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.26a:*:*:*:*:*:*:*",
"matchCriteriaId": "58207045-31FF-4B78-832D-A47F49743529",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:integrated_lights-out_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47EEB8DA-1CDD-428C-988C-249E2816F18C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en HP Integrated Lights-Out 4 (iLO4) con firmware anterior a la versi\u00f3n 1.32 permite a atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2013-4842",
"lastModified": "2024-11-21T01:56:31.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-18T03:55:05.883",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-18 03:55
Modified
2024-11-21 01:56
Severity ?
Summary
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | integrated_lights-out_firmware | * | |
| hp | integrated_lights-out_firmware | 1.10 | |
| hp | integrated_lights-out_firmware | 1.15 | |
| hp | integrated_lights-out_firmware | 1.15a | |
| hp | integrated_lights-out_firmware | 1.16a | |
| hp | integrated_lights-out_firmware | 1.20a | |
| hp | integrated_lights-out_firmware | 1.26a | |
| hp | integrated_lights-out_4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17EDFBC8-40D5-405F-9E53-45D39AFD06AF",
"versionEndIncluding": "1.27a",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B75737-F8DF-4467-87E6-B3D7D296AF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE41EB1-8AAE-40F8-A7C0-703283020F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.15a:*:*:*:*:*:*:*",
"matchCriteriaId": "223798D1-6965-4EBF-B731-0AADBC853752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.16a:*:*:*:*:*:*:*",
"matchCriteriaId": "03B3C027-295A-4E8D-AC99-89B1DBC9937E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.20a:*:*:*:*:*:*:*",
"matchCriteriaId": "859702BA-314B-4BC4-8CA6-1432E8831B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.26a:*:*:*:*:*:*:*",
"matchCriteriaId": "58207045-31FF-4B78-832D-A47F49743529",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:integrated_lights-out_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47EEB8DA-1CDD-428C-988C-249E2816F18C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en HP Integrated Lights-Out 4 (iLO4) con el firmware anterior a 1.32 que permite a usuarios autenticados remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2013-4843",
"lastModified": "2024-11-21T01:56:31.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-18T03:55:05.913",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | integrated_lights-out_firmware | 1.6a | |
| hp | integrated_lights-out_firmware | 1.10 | |
| hp | integrated_lights-out_firmware | 1.15 | |
| hp | integrated_lights-out_firmware | 1.15a | |
| hp | integrated_lights-out_firmware | 1.16a | |
| hp | integrated_lights-out_firmware | 1.20a | |
| hp | integrated_lights-out_firmware | 1.26a | |
| hp | integrated_lights-out_firmware | 1.27a | |
| hp | integrated_lights-out_firmware | 1.40a | |
| hp | integrated_lights-out_firmware | 1.41a | |
| hp | integrated_lights-out_firmware | 1.42a | |
| hp | integrated_lights-out_firmware | 1.50 | |
| hp | integrated_lights-out_firmware | 1.50a | |
| hp | integrated_lights-out_firmware | 1.51a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.6a:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB1F11C-1449-46A9-84E5-279ABFF4BD8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B75737-F8DF-4467-87E6-B3D7D296AF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE41EB1-8AAE-40F8-A7C0-703283020F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.15a:*:*:*:*:*:*:*",
"matchCriteriaId": "223798D1-6965-4EBF-B731-0AADBC853752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.16a:*:*:*:*:*:*:*",
"matchCriteriaId": "03B3C027-295A-4E8D-AC99-89B1DBC9937E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.20a:*:*:*:*:*:*:*",
"matchCriteriaId": "859702BA-314B-4BC4-8CA6-1432E8831B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.26a:*:*:*:*:*:*:*",
"matchCriteriaId": "58207045-31FF-4B78-832D-A47F49743529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.27a:*:*:*:*:*:*:*",
"matchCriteriaId": "B378215E-CBEA-4C5B-8BBE-44B8EBA09DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.40a:*:*:*:*:*:*:*",
"matchCriteriaId": "F5066B1C-C809-4547-9E48-4E4822E8B91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.41a:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCFA86E-B3F6-4E71-ABC8-75783EBC8817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.42a:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6ED7F5-C616-4FDD-9D36-697F19A0BE25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "D69393F4-139D-47E3-9125-D8633B192C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.50a:*:*:*:*:*:*:*",
"matchCriteriaId": "D4397221-10C5-46E8-93A5-17497C5F82DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.51a:*:*:*:*:*:*:*",
"matchCriteriaId": "110526DD-CD4A-44FB-B7BC-7B75655AE65E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero."
},
{
"lang": "es",
"value": "HP Integrated Lights-Out (iLO) 1.10 y otras versiones anteriores a 1.55 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) accediendo a iLO usando el puerto reservado TCP cero."
}
],
"id": "CVE-2004-0525",
"lastModified": "2024-11-20T23:48:47.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/lists/bugtraq/2004/May/0281.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10415"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/lists/bugtraq/2004/May/0281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-11 14:29
Modified
2024-11-21 02:33
Severity ?
Summary
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | integrated_lights-out_firmware | * | |
| hp | integrated_lights-out_4 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "652B9F99-3C89-42F7-A194-E1AC82B57CCF",
"versionEndExcluding": "2.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:integrated_lights-out_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47EEB8DA-1CDD-428C-988C-249E2816F18C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020."
},
{
"lang": "es",
"value": "Se ha identificado una posible vulnerabilidad de seguridad con el firmware HP Integrated Lights-Out 4 (iLO 4) versi\u00f3n 2.11 y posterior, pero anterior a la versi\u00f3n 2.30. La vulnerabilidad podr\u00eda explotarse a distancia, lo que dar\u00eda lugar a una denegaci\u00f3n de servicio (DoS). Note que esto fue publicado originalmente en 2015, sin embargo la entrada CVE fue a\u00f1adida en 2020"
}
],
"id": "CVE-2015-5436",
"lastModified": "2024-11-21T02:33:00.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-11T14:29:46.997",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-05 13:22
Modified
2024-11-21 01:56
Severity ?
Summary
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | integrated_lights-out_firmware | * | |
| hp | integrated_lights-out_firmware | 1.10 | |
| hp | integrated_lights-out_firmware | 1.15 | |
| hp | integrated_lights-out_firmware | 1.15a | |
| hp | integrated_lights-out_firmware | 1.16a | |
| hp | integrated_lights-out_firmware | 1.20a | |
| hp | integrated_lights-out_firmware | 1.26a | |
| hp | integrated_lights-out_firmware | 1.27a | |
| hp | integrated_lights-out_firmware | 1.40a | |
| hp | integrated_lights-out_firmware | 1.41a | |
| hp | integrated_lights-out_firmware | 1.42a | |
| hp | integrated_lights-out_firmware | 1.50 | |
| hp | integrated_lights-out_firmware | 1.50a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21040F4F-4DE7-406F-8220-5B7524B22494",
"versionEndIncluding": "1.51a",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B75737-F8DF-4467-87E6-B3D7D296AF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE41EB1-8AAE-40F8-A7C0-703283020F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.15a:*:*:*:*:*:*:*",
"matchCriteriaId": "223798D1-6965-4EBF-B731-0AADBC853752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.16a:*:*:*:*:*:*:*",
"matchCriteriaId": "03B3C027-295A-4E8D-AC99-89B1DBC9937E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.20a:*:*:*:*:*:*:*",
"matchCriteriaId": "859702BA-314B-4BC4-8CA6-1432E8831B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.26a:*:*:*:*:*:*:*",
"matchCriteriaId": "58207045-31FF-4B78-832D-A47F49743529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.27a:*:*:*:*:*:*:*",
"matchCriteriaId": "B378215E-CBEA-4C5B-8BBE-44B8EBA09DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.40a:*:*:*:*:*:*:*",
"matchCriteriaId": "F5066B1C-C809-4547-9E48-4E4822E8B91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.41a:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCFA86E-B3F6-4E71-ABC8-75783EBC8817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.42a:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6ED7F5-C616-4FDD-9D36-697F19A0BE25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "D69393F4-139D-47E3-9125-D8633B192C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.50a:*:*:*:*:*:*:*",
"matchCriteriaId": "D4397221-10C5-46E8-93A5-17497C5F82DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en HP Integrated Lights-Out 3 (tambi\u00e9n conocido como iLO3) firmware anterior a v1.60 y 4 (tambi\u00e9n conocido como iLO4) firmware anterior a v1.30, permite a atacantes remotos evitar la autenticaci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2013-4805",
"lastModified": "2024-11-21T01:56:26.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-05T13:22:48.160",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/61556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61556"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}