All the vulnerabilites related to hpe - proliant_xl925g_gen10_plus_server
cve-2022-28628
Vulnerability from cvelistv5
Published
2022-08-11 17:16
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HPE Integrated Lights-Out 5 (iLO 5) |
Version: Prior to 2.71 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T17:16:30",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Integrated Lights-Out 5 (iLO 5)",
"version": {
"version_data": [
{
"version_value": "Prior to 2.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28628",
"datePublished": "2022-08-11T17:16:30",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28626
Vulnerability from cvelistv5
Published
2022-08-11 17:16
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HPE Integrated Lights-Out 5 (iLO 5) |
Version: Prior to 2.71 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T17:16:14",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Integrated Lights-Out 5 (iLO 5)",
"version": {
"version_data": [
{
"version_value": "Prior to 2.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28626",
"datePublished": "2022-08-11T17:16:14",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28630
Vulnerability from cvelistv5
Published
2022-08-11 17:17
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial loss of availability. User interaction is required to exploit this vulnerability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HPE Integrated Lights-Out 5 (iLO 5) |
Version: Prior to 2.71 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial loss of availability. User interaction is required to exploit this vulnerability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T17:17:05",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Integrated Lights-Out 5 (iLO 5)",
"version": {
"version_data": [
{
"version_value": "Prior to 2.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial loss of availability. User interaction is required to exploit this vulnerability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28630",
"datePublished": "2022-08-11T17:17:05",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28635
Vulnerability from cvelistv5
Published
2022-08-11 17:18
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HPE Integrated Lights-Out 5 (iLO 5) |
Version: Prior to 2.71 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local arbitrary code execution and denial of service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T17:18:00",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Integrated Lights-Out 5 (iLO 5)",
"version": {
"version_data": [
{
"version_value": "Prior to 2.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local arbitrary code execution and denial of service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28635",
"datePublished": "2022-08-11T17:18:00",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28632
Vulnerability from cvelistv5
Published
2022-08-11 17:17
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HPE Integrated Lights-Out 5 (iLO 5) |
Version: Prior to 2.71 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "adjacent arbitrary code execution and denial of service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T17:17:33",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Integrated Lights-Out 5 (iLO 5)",
"version": {
"version_data": [
{
"version_value": "Prior to 2.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "adjacent arbitrary code execution and denial of service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28632",
"datePublished": "2022-08-11T17:17:33",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28633
Vulnerability from cvelistv5
Published
2022-08-11 17:18
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file system resulting in a complete loss of confidentiality and a partial loss of integrity and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HPE Integrated Lights-Out 5 (iLO 5) |
Version: Prior to 2.71 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file system resulting in a complete loss of confidentiality and a partial loss of integrity and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local disclosure of sensitive information and local unauthorized data modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T17:18:12",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Integrated Lights-Out 5 (iLO 5)",
"version": {
"version_data": [
{
"version_value": "Prior to 2.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file system resulting in a complete loss of confidentiality and a partial loss of integrity and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local disclosure of sensitive information and local unauthorized data modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28633",
"datePublished": "2022-08-11T17:18:12",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28636
Vulnerability from cvelistv5
Published
2022-08-11 17:17
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HPE Integrated Lights-Out 5 (iLO 5) |
Version: Prior to 2.71 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local arbitrary code execution and denial of service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T17:17:47",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Integrated Lights-Out 5 (iLO 5)",
"version": {
"version_data": [
{
"version_value": "Prior to 2.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local arbitrary code execution and denial of service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28636",
"datePublished": "2022-08-11T17:17:47",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28634
Vulnerability from cvelistv5
Published
2022-08-11 17:18
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HPE Integrated Lights-Out 5 (iLO 5) |
Version: Prior to 2.71 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T17:18:25",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Integrated Lights-Out 5 (iLO 5)",
"version": {
"version_data": [
{
"version_value": "Prior to 2.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28634",
"datePublished": "2022-08-11T17:18:25",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28629
Vulnerability from cvelistv5
Published
2022-08-11 17:16
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A low privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HPE Integrated Lights-Out 5 (iLO 5) |
Version: Prior to 2.71 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A low privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T17:16:53",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Integrated Lights-Out 5 (iLO 5)",
"version": {
"version_data": [
{
"version_value": "Prior to 2.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A low privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28629",
"datePublished": "2022-08-11T17:16:53",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28631
Vulnerability from cvelistv5
Published
2022-08-11 17:17
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HPE Integrated Lights-Out 5 (iLO 5) |
Version: Prior to 2.71 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "adjacent arbitrary code execution and denial of service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T17:17:19",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Integrated Lights-Out 5 (iLO 5)",
"version": {
"version_data": [
{
"version_value": "Prior to 2.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "adjacent arbitrary code execution and denial of service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28631",
"datePublished": "2022-08-11T17:17:19",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28627
Vulnerability from cvelistv5
Published
2022-08-11 17:16
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | HPE Integrated Lights-Out 5 (iLO 5) |
Version: Prior to 2.71 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Integrated Lights-Out 5 (iLO 5)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 2.71"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T17:16:41",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Integrated Lights-Out 5 (iLO 5)",
"version": {
"version_data": [
{
"version_value": "Prior to 2.71"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28627",
"datePublished": "2022-08-11T17:16:41",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-08-12 15:15
Modified
2024-11-21 06:57
Severity ?
Summary
A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file system resulting in a complete loss of confidentiality and a partial loss of integrity and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DE87E4-C7BA-45DF-A8D2-82278A87ECEA",
"versionEndExcluding": "2.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7591DA99-B0CA-4A23-A8C5-C6D9084C2329",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1642BAB-2EC5-4E89-86DE-7B9BECA4F6CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D176EE5-FDE7-475B-802A-AFD21A9F6E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B76D60-5493-4959-A85E-91C1D810365F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D9CF07-D08E-4B36-B25D-1011AF0463DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D8AA54-634D-4870-AC5E-BD8F70EDB83D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8464FB6E-5744-44B7-BD1F-87D8F382A30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8768C-5E7D-4C11-8C49-182CC1D643B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779A6A62-4357-46FF-9BA8-F53E657A4E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D29DB-B073-4C5A-934D-87A311D57657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5869DE25-F914-48E0-8AFF-72C463E99084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDA2E27-1E51-4DC3-A907-C6273168D366",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0700905D-BEA8-46A7-95D4-27BC3793FA51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E7335-3545-4F2D-A915-AB6B34EBB76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D34B52-2803-43B0-942A-F974CBE14531",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A06978-A8B5-4251-955F-2DF206962605",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file system resulting in a complete loss of confidentiality and a partial loss of integrity and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
},
{
"lang": "es",
"value": "Se ha detectado una divulgaci\u00f3n local de informaci\u00f3n confidencial y una vulnerabilidad local de modificaci\u00f3n de datos no autorizada en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario no privilegiado podr\u00eda explotar localmente esta vulnerabilidad para leer y escribir en el sistema de archivos del firmware de iLO 5 resultando en una p\u00e9rdida completa de confidencialidad y una p\u00e9rdida parcial de integridad y disponibilidad. HPE ha proporcionado una actualizaci\u00f3n de firmware para resolver esta vulnerabilidad en HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"id": "CVE-2022-28633",
"lastModified": "2024-11-21T06:57:37.317",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-12T15:15:14.337",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-12 15:15
Modified
2024-11-21 06:57
Severity ?
Summary
A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DE87E4-C7BA-45DF-A8D2-82278A87ECEA",
"versionEndExcluding": "2.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7591DA99-B0CA-4A23-A8C5-C6D9084C2329",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1642BAB-2EC5-4E89-86DE-7B9BECA4F6CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D176EE5-FDE7-475B-802A-AFD21A9F6E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B76D60-5493-4959-A85E-91C1D810365F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D9CF07-D08E-4B36-B25D-1011AF0463DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D8AA54-634D-4870-AC5E-BD8F70EDB83D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8464FB6E-5744-44B7-BD1F-87D8F382A30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8768C-5E7D-4C11-8C49-182CC1D643B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779A6A62-4357-46FF-9BA8-F53E657A4E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D29DB-B073-4C5A-934D-87A311D57657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5869DE25-F914-48E0-8AFF-72C463E99084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDA2E27-1E51-4DC3-A907-C6273168D366",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0700905D-BEA8-46A7-95D4-27BC3793FA51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E7335-3545-4F2D-A915-AB6B34EBB76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D34B52-2803-43B0-942A-F974CBE14531",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A06978-A8B5-4251-955F-2DF206962605",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
},
{
"lang": "es",
"value": "Se ha detectado una potencial ejecuci\u00f3n local de c\u00f3digo arbitrario y una vulnerabilidad de denegaci\u00f3n de servicio (DoS) local dentro de un proceso aislado en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario no privilegiado podr\u00eda explotar localmente esta vulnerabilidad para ejecutar potencialmente c\u00f3digo arbitrario en un proceso aislado resultando en una p\u00e9rdida completa de confidencialidad, integridad y disponibilidad dentro de ese proceso. Adem\u00e1s, un usuario no privilegiado podr\u00eda explotar una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en un proceso aislado resultando en una p\u00e9rdida completa de disponibilidad dentro de ese proceso. Un ataque con \u00e9xito depende de condiciones que est\u00e1n fuera del control de los atacantes. HPE ha proporcionado una actualizaci\u00f3n de firmware para resolver esta vulnerabilidad en HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"id": "CVE-2022-28636",
"lastModified": "2024-11-21T06:57:37.667",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-12T15:15:14.467",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-12 15:15
Modified
2024-11-21 06:57
Severity ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DE87E4-C7BA-45DF-A8D2-82278A87ECEA",
"versionEndExcluding": "2.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7591DA99-B0CA-4A23-A8C5-C6D9084C2329",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1642BAB-2EC5-4E89-86DE-7B9BECA4F6CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D176EE5-FDE7-475B-802A-AFD21A9F6E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B76D60-5493-4959-A85E-91C1D810365F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D9CF07-D08E-4B36-B25D-1011AF0463DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D8AA54-634D-4870-AC5E-BD8F70EDB83D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8464FB6E-5744-44B7-BD1F-87D8F382A30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8768C-5E7D-4C11-8C49-182CC1D643B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779A6A62-4357-46FF-9BA8-F53E657A4E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D29DB-B073-4C5A-934D-87A311D57657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5869DE25-F914-48E0-8AFF-72C463E99084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDA2E27-1E51-4DC3-A907-C6273168D366",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0700905D-BEA8-46A7-95D4-27BC3793FA51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E7335-3545-4F2D-A915-AB6B34EBB76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D34B52-2803-43B0-942A-F974CBE14531",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A06978-A8B5-4251-955F-2DF206962605",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n local de c\u00f3digo arbitrario en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario con altos privilegios podr\u00eda explotar localmente esta vulnerabilidad para ejecutar c\u00f3digo arbitrario resultando en una p\u00e9rdida completa de confidencialidad, integridad y disponibilidad. HPE ha proporcionado una actualizaci\u00f3n de firmware para resolver esta vulnerabilidad en HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"id": "CVE-2022-28634",
"lastModified": "2024-11-21T06:57:37.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-12T15:15:14.383",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-12 15:15
Modified
2024-11-21 06:57
Severity ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial loss of availability. User interaction is required to exploit this vulnerability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DE87E4-C7BA-45DF-A8D2-82278A87ECEA",
"versionEndExcluding": "2.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7591DA99-B0CA-4A23-A8C5-C6D9084C2329",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1642BAB-2EC5-4E89-86DE-7B9BECA4F6CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D176EE5-FDE7-475B-802A-AFD21A9F6E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B76D60-5493-4959-A85E-91C1D810365F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D9CF07-D08E-4B36-B25D-1011AF0463DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D8AA54-634D-4870-AC5E-BD8F70EDB83D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8464FB6E-5744-44B7-BD1F-87D8F382A30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8768C-5E7D-4C11-8C49-182CC1D643B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779A6A62-4357-46FF-9BA8-F53E657A4E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D29DB-B073-4C5A-934D-87A311D57657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5869DE25-F914-48E0-8AFF-72C463E99084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDA2E27-1E51-4DC3-A907-C6273168D366",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0700905D-BEA8-46A7-95D4-27BC3793FA51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E7335-3545-4F2D-A915-AB6B34EBB76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D34B52-2803-43B0-942A-F974CBE14531",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A06978-A8B5-4251-955F-2DF206962605",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial loss of availability. User interaction is required to exploit this vulnerability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario local en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario no privilegiado podr\u00eda explotar localmente esta vulnerabilidad para ejecutar c\u00f3digo arbitrario resultando en una p\u00e9rdida completa de confidencialidad e integridad, y una p\u00e9rdida parcial de disponibilidad. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad. HPE ha proporcionado una actualizaci\u00f3n de firmware para resolver esta vulnerabilidad en HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"id": "CVE-2022-28630",
"lastModified": "2024-11-21T06:57:36.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-12T15:15:14.210",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-12 15:15
Modified
2024-11-21 06:57
Severity ?
Summary
A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DE87E4-C7BA-45DF-A8D2-82278A87ECEA",
"versionEndExcluding": "2.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7591DA99-B0CA-4A23-A8C5-C6D9084C2329",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1642BAB-2EC5-4E89-86DE-7B9BECA4F6CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D176EE5-FDE7-475B-802A-AFD21A9F6E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B76D60-5493-4959-A85E-91C1D810365F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D9CF07-D08E-4B36-B25D-1011AF0463DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D8AA54-634D-4870-AC5E-BD8F70EDB83D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8464FB6E-5744-44B7-BD1F-87D8F382A30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8768C-5E7D-4C11-8C49-182CC1D643B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779A6A62-4357-46FF-9BA8-F53E657A4E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D29DB-B073-4C5A-934D-87A311D57657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5869DE25-F914-48E0-8AFF-72C463E99084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDA2E27-1E51-4DC3-A907-C6273168D366",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0700905D-BEA8-46A7-95D4-27BC3793FA51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E7335-3545-4F2D-A915-AB6B34EBB76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D34B52-2803-43B0-942A-F974CBE14531",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A06978-A8B5-4251-955F-2DF206962605",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
},
{
"lang": "es",
"value": "Se ha detectado una potencial ejecuci\u00f3n de c\u00f3digo arbitrario y una vulnerabilidad de denegaci\u00f3n de servicio (DoS) dentro de un proceso aislado en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario no privilegiado podr\u00eda explotar esta vulnerabilidad en una red adyacente para ejecutar potencialmente c\u00f3digo arbitrario en un proceso aislado resultando en una p\u00e9rdida completa de confidencialidad, integridad y disponibilidad dentro de ese proceso. Adem\u00e1s, un usuario no privilegiado podr\u00eda explotar una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en un proceso aislado resultando en una p\u00e9rdida completa de disponibilidad dentro de ese proceso. HPE ha proporcionado una actualizaci\u00f3n de firmware para resolver esta vulnerabilidad en HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"id": "CVE-2022-28632",
"lastModified": "2024-11-21T06:57:37.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-12T15:15:14.297",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-12 15:15
Modified
2024-11-21 06:57
Severity ?
Summary
A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DE87E4-C7BA-45DF-A8D2-82278A87ECEA",
"versionEndExcluding": "2.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7591DA99-B0CA-4A23-A8C5-C6D9084C2329",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1642BAB-2EC5-4E89-86DE-7B9BECA4F6CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D176EE5-FDE7-475B-802A-AFD21A9F6E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B76D60-5493-4959-A85E-91C1D810365F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D9CF07-D08E-4B36-B25D-1011AF0463DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D8AA54-634D-4870-AC5E-BD8F70EDB83D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8464FB6E-5744-44B7-BD1F-87D8F382A30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8768C-5E7D-4C11-8C49-182CC1D643B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779A6A62-4357-46FF-9BA8-F53E657A4E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D29DB-B073-4C5A-934D-87A311D57657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5869DE25-F914-48E0-8AFF-72C463E99084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDA2E27-1E51-4DC3-A907-C6273168D366",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0700905D-BEA8-46A7-95D4-27BC3793FA51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E7335-3545-4F2D-A915-AB6B34EBB76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D34B52-2803-43B0-942A-F974CBE14531",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A06978-A8B5-4251-955F-2DF206962605",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
},
{
"lang": "es",
"value": "Se ha detectado una potencial ejecuci\u00f3n de c\u00f3digo arbitrario y una vulnerabilidad de denegaci\u00f3n de servicio (DoS) dentro de un proceso aislado en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario no privilegiado podr\u00eda explotar esta vulnerabilidad en una red adyacente para ejecutar potencialmente c\u00f3digo arbitrario en un proceso aislado resultando en una p\u00e9rdida completa de confidencialidad, integridad y disponibilidad dentro de ese proceso. Adem\u00e1s, un usuario no privilegiado podr\u00eda explotar una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en un proceso aislado resultando en una p\u00e9rdida completa de disponibilidad dentro de ese proceso. HPE ha proporcionado una actualizaci\u00f3n de firmware para resolver esta vulnerabilidad en HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"id": "CVE-2022-28631",
"lastModified": "2024-11-21T06:57:37.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-12T15:15:14.253",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-12 15:15
Modified
2024-11-21 06:57
Severity ?
Summary
A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DE87E4-C7BA-45DF-A8D2-82278A87ECEA",
"versionEndExcluding": "2.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7591DA99-B0CA-4A23-A8C5-C6D9084C2329",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1642BAB-2EC5-4E89-86DE-7B9BECA4F6CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D176EE5-FDE7-475B-802A-AFD21A9F6E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B76D60-5493-4959-A85E-91C1D810365F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D9CF07-D08E-4B36-B25D-1011AF0463DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D8AA54-634D-4870-AC5E-BD8F70EDB83D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8464FB6E-5744-44B7-BD1F-87D8F382A30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8768C-5E7D-4C11-8C49-182CC1D643B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779A6A62-4357-46FF-9BA8-F53E657A4E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D29DB-B073-4C5A-934D-87A311D57657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5869DE25-F914-48E0-8AFF-72C463E99084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDA2E27-1E51-4DC3-A907-C6273168D366",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0700905D-BEA8-46A7-95D4-27BC3793FA51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E7335-3545-4F2D-A915-AB6B34EBB76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D34B52-2803-43B0-942A-F974CBE14531",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A06978-A8B5-4251-955F-2DF206962605",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
},
{
"lang": "es",
"value": "Se ha detectado una potencial ejecuci\u00f3n local de c\u00f3digo arbitrario y una vulnerabilidad de denegaci\u00f3n de servicio (DoS) local dentro de un proceso aislado en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario no privilegiado podr\u00eda explotar localmente esta vulnerabilidad para ejecutar potencialmente c\u00f3digo arbitrario en un proceso aislado resultando en una p\u00e9rdida completa de confidencialidad, integridad y disponibilidad dentro de ese proceso. Adem\u00e1s, un usuario no privilegiado podr\u00eda explotar una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en un proceso aislado resultando en una p\u00e9rdida completa de disponibilidad dentro de ese proceso. Un ataque con \u00e9xito depende de condiciones que est\u00e1n fuera del control de los atacantes. HPE ha proporcionado una actualizaci\u00f3n de firmware para resolver esta vulnerabilidad en HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"id": "CVE-2022-28635",
"lastModified": "2024-11-21T06:57:37.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-12T15:15:14.423",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-12 15:15
Modified
2024-11-21 06:57
Severity ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DE87E4-C7BA-45DF-A8D2-82278A87ECEA",
"versionEndExcluding": "2.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7591DA99-B0CA-4A23-A8C5-C6D9084C2329",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1642BAB-2EC5-4E89-86DE-7B9BECA4F6CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D176EE5-FDE7-475B-802A-AFD21A9F6E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B76D60-5493-4959-A85E-91C1D810365F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D9CF07-D08E-4B36-B25D-1011AF0463DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D8AA54-634D-4870-AC5E-BD8F70EDB83D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8464FB6E-5744-44B7-BD1F-87D8F382A30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8768C-5E7D-4C11-8C49-182CC1D643B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779A6A62-4357-46FF-9BA8-F53E657A4E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D29DB-B073-4C5A-934D-87A311D57657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5869DE25-F914-48E0-8AFF-72C463E99084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDA2E27-1E51-4DC3-A907-C6273168D366",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0700905D-BEA8-46A7-95D4-27BC3793FA51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E7335-3545-4F2D-A915-AB6B34EBB76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D34B52-2803-43B0-942A-F974CBE14531",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A06978-A8B5-4251-955F-2DF206962605",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n local de c\u00f3digo arbitrario en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario no privilegiado podr\u00eda explotar localmente esta vulnerabilidad para ejecutar c\u00f3digo arbitrario resultando en una p\u00e9rdida completa de confidencialidad, integridad y disponibilidad. HPE ha proporcionado una actualizaci\u00f3n de firmware para resolver esta vulnerabilidad en HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"id": "CVE-2022-28628",
"lastModified": "2024-11-21T06:57:36.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-12T15:15:14.123",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-12 15:15
Modified
2024-11-21 06:57
Severity ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A low privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DE87E4-C7BA-45DF-A8D2-82278A87ECEA",
"versionEndExcluding": "2.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7591DA99-B0CA-4A23-A8C5-C6D9084C2329",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1642BAB-2EC5-4E89-86DE-7B9BECA4F6CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D176EE5-FDE7-475B-802A-AFD21A9F6E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B76D60-5493-4959-A85E-91C1D810365F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D9CF07-D08E-4B36-B25D-1011AF0463DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D8AA54-634D-4870-AC5E-BD8F70EDB83D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8464FB6E-5744-44B7-BD1F-87D8F382A30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8768C-5E7D-4C11-8C49-182CC1D643B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779A6A62-4357-46FF-9BA8-F53E657A4E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D29DB-B073-4C5A-934D-87A311D57657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5869DE25-F914-48E0-8AFF-72C463E99084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDA2E27-1E51-4DC3-A907-C6273168D366",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0700905D-BEA8-46A7-95D4-27BC3793FA51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E7335-3545-4F2D-A915-AB6B34EBB76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D34B52-2803-43B0-942A-F974CBE14531",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A06978-A8B5-4251-955F-2DF206962605",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A low privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n local de c\u00f3digo arbitrario en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario no privilegiado podr\u00eda explotar localmente esta vulnerabilidad para ejecutar c\u00f3digo arbitrario resultando en una p\u00e9rdida completa de confidencialidad, integridad y disponibilidad. HPE ha proporcionado una actualizaci\u00f3n de firmware para resolver esta vulnerabilidad en HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"id": "CVE-2022-28629",
"lastModified": "2024-11-21T06:57:36.803",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-12T15:15:14.167",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-12 15:15
Modified
2024-11-21 06:57
Severity ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DE87E4-C7BA-45DF-A8D2-82278A87ECEA",
"versionEndExcluding": "2.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7591DA99-B0CA-4A23-A8C5-C6D9084C2329",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1642BAB-2EC5-4E89-86DE-7B9BECA4F6CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D176EE5-FDE7-475B-802A-AFD21A9F6E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B76D60-5493-4959-A85E-91C1D810365F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D9CF07-D08E-4B36-B25D-1011AF0463DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D8AA54-634D-4870-AC5E-BD8F70EDB83D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8464FB6E-5744-44B7-BD1F-87D8F382A30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8768C-5E7D-4C11-8C49-182CC1D643B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779A6A62-4357-46FF-9BA8-F53E657A4E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D29DB-B073-4C5A-934D-87A311D57657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5869DE25-F914-48E0-8AFF-72C463E99084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDA2E27-1E51-4DC3-A907-C6273168D366",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0700905D-BEA8-46A7-95D4-27BC3793FA51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E7335-3545-4F2D-A915-AB6B34EBB76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D34B52-2803-43B0-942A-F974CBE14531",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A06978-A8B5-4251-955F-2DF206962605",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n local de c\u00f3digo arbitrario en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario no privilegiado podr\u00eda explotar localmente esta vulnerabilidad para ejecutar c\u00f3digo arbitrario resultando en una p\u00e9rdida completa de confidencialidad, integridad y disponibilidad. HPE ha proporcionado una actualizaci\u00f3n de firmware para resolver esta vulnerabilidad en HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"id": "CVE-2022-28627",
"lastModified": "2024-11-21T06:57:36.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-12T15:15:14.080",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-12 15:15
Modified
2024-11-21 06:57
Severity ?
Summary
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50DE87E4-C7BA-45DF-A8D2-82278A87ECEA",
"versionEndExcluding": "2.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03743177-70D4-442B-B59F-43912385CC83",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25418088-0890-401E-837C-611154B2C433",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5876FB45-B037-4355-BAE9-69157FD0A402",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93765BE7-D8C2-48C8-9ADA-A7C36B993D95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7591DA99-B0CA-4A23-A8C5-C6D9084C2329",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1642BAB-2EC5-4E89-86DE-7B9BECA4F6CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D176EE5-FDE7-475B-802A-AFD21A9F6E87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B76D60-5493-4959-A85E-91C1D810365F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D9CF07-D08E-4B36-B25D-1011AF0463DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D8AA54-634D-4870-AC5E-BD8F70EDB83D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8464FB6E-5744-44B7-BD1F-87D8F382A30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8768C-5E7D-4C11-8C49-182CC1D643B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594B767B-41AB-436A-AF2C-10185E1161F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779A6A62-4357-46FF-9BA8-F53E657A4E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D29DB-B073-4C5A-934D-87A311D57657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5869DE25-F914-48E0-8AFF-72C463E99084",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDA2E27-1E51-4DC3-A907-C6273168D366",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD81201-ECD9-4E9F-A6F0-7EAEB1DA9891",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0700905D-BEA8-46A7-95D4-27BC3793FA51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCBE981-8F98-49B2-B09D-B0187D5DF322",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E7335-3545-4F2D-A915-AB6B34EBB76D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC69BAD-3243-405F-839E-8BE9E2562205",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C386FE40-4223-4F35-A04A-84008B7A1B8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E86E62-1B51-4934-B8B6-40D920BE6192",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D34B52-2803-43B0-942A-F974CBE14531",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC53F93-901B-40A9-BAAD-DD5A8865E824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A06978-A8B5-4251-955F-2DF206962605",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CC8E6-A017-406E-B993-4CFFEB230829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5)."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de ejecuci\u00f3n local de c\u00f3digo arbitrario en HPE Integrated Lights-Out 5 (iLO 5) versiones de firmware anteriores a 2.71. Un usuario con altos privilegios podr\u00eda explotar localmente esta vulnerabilidad para ejecutar c\u00f3digo arbitrario resultando en una p\u00e9rdida completa de confidencialidad, integridad y disponibilidad. HPE ha proporcionado una actualizaci\u00f3n de firmware para resolver esta vulnerabilidad en HPE Integrated Lights-Out 5 (iLO 5)."
}
],
"id": "CVE-2022-28626",
"lastModified": "2024-11-21T06:57:36.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-12T15:15:14.000",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04333en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}