Threat Level: Infocon green
Internet Storm Center
phpbb and sql errors asp sqlserver odbc sql errors

Today´s Diary

If you have more information or corrections regarding our diary, please share.



advertisement
Diary Advertisement
Use Discount Code SANSFIREISC10 when registering to get a 10% discount!!

HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On

Published: 2013-06-20,
Last Updated: 2013-06-20 01:39:36 UTC
by Guy Bruneau (Version: 1)

0 comment(s)

HP released a security bulletin on a potential remote unauthorized access with HP Integrated Lights-Out iLO3/iLO4 using Single-Sign-On.

CVE-2013-2338 has been assigned and the following versions are impacted:

HP Integrated Lights-Out 3 (iLO3) firmware versions prior to v1.57.
HP Integrated Lights-Out 4 (iLO4) firmware versions prior to v1.22.

If you are impacted, HP recommends upgrading as soon as possible. The current version is available here.

[1] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03787836
[2] http://www.hp.com/go/bizsupport
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2338

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Unauthorized Access iLO3 iLO4
0 comment(s)
Top of page

If you have more information or corrections regarding our diary, please share.

Diary Archive

DateAuthorTitle
2013-06-20 Guy Bruneau HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On (0 Comments)
2013-06-19 Kevin Liston WinLink Check-In (2 Comments)
2013-06-18 Russ McRee Volatility rules...any questions? (0 Comments)
2013-06-18 Russ McRee EMET 4.0 is now available for download (1 Comments)
2013-06-17 Daniel Wesemann SANSFIRE 2013 (0 Comments)
2013-06-16 Tony Carothers A scan is a scan is a scan (12 Comments)
2013-06-14 Richard Porter When Hotel Alarms Sound (10 Comments)
2013-06-12 Johannes Ullrich Stupid Little IPv6 Tricks (0 Comments)
2013-06-11 Swa Frantzen Store passwords the right way in your application (14 Comments)
2013-06-11 Swa Frantzen Microsoft June 2013 Black Tuesday Overview (3 Comments)
Folder Icon Complete Archive
Search Diaries:

Diary Tagslink arrow

  dos     emet     linux     disaster     tornado     thunderbird     fixit     ilo3     internet status     metasploit     patch     ipv6     kernel     java     msft     configuration     malware analysis     oklahoma     0 day     dshield     ubuntu     javascript     watering hole     chargen     charity     typo squatting     fantasia     perimeter     google     bgp     shadyrat     passwords     winlink     vmware     blackhole     hash     toolsmith     patches     apache     memory forensics     password     usbexe     got packets     gov     usbdoc     firewall     exploit     firefox     malware     flash     tools     malware containment     mitigation     adobe     plugins     incident     xss     ssl     security intelligence     opendoc     bind9     webapp     vulnerability     vmware advisory     bcp 38     cyberterrorism     phishing     trojan     overview     movp ii     dns     security advisory     fake tech calls     black tuesday     cve20120158     ddos     micorsoft     safe     ilo4     51616     privilege escalation     unauthorized access     os x     anti virus     port 51616     volatility     sansfire     back tuesday     signature     microsoft     denial of service     apple     compliance     mozilla     cnn     scam     ie 8     certificates  
site/port/ip search:

ISC Polllink arrow

What are your plans when XP is no longer supported?

Latest RR Paperslink arrow

Web Application Injection Vulnerabilities: A Web App's Security Nemesis?

Electronic Medical Records: Success Requires an Information Security Culture

Corporate vs. Product Security

Event Monitoring and Incident Response

Dead Linux Machines Do Tell Tales

World Map

world map

Trends

trend graph

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On - by: Guy Bruneau (2013-06-20)

WinLink Check-In - by: Kevin Liston (2013-06-19)

EMET 4.0 is now available for download - by: Russ McRee (2013-06-18)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute

!-- end .footer-->