Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On

HP released a security bulletin on a potential remote unauthorized access with HP Integrated Lights-Out iLO3/iLO4 using Single-Sign-On.

CVE-2013-2338 has been assigned and the following versions are impacted:

HP Integrated Lights-Out 3 (iLO3) firmware versions prior to v1.57.
HP Integrated Lights-Out 4 (iLO4) firmware versions prior to v1.22.

If you are impacted, HP recommends upgrading as soon as possible. The current version is available here.

[1] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03787836
[2] http://www.hp.com/go/bizsupport
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2338

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

471 Posts
ISC Handler
Jun 20th 2013

Sign Up for Free or Log In to start participating in the conversation!