Integrated Lights Out Firmware
by Microfocus
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5436 | Hig | 0.49 | 7.5 | 0.02 | May 11, 2017 | A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in… | ||
| CVE-2014-7876 | 0.01 | — | 0.13 | Mar 31, 2015 | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. | |||
| CVE-2013-2338 | 0.01 | — | 0.11 | Jun 14, 2013 | Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2015-5435 | 0.00 | — | 0.02 | Sep 30, 2015 | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. | |||
| CVE-2015-2106 | 0.00 | — | 0.04 | Mar 31, 2015 | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors. | |||
| CVE-2013-4843 | 0.00 | — | 0.02 | Nov 18, 2013 | Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. | |||
| CVE-2013-4842 | 0.00 | — | 0.02 | Nov 18, 2013 | Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4805 | 0.00 | — | 0.03 | Aug 5, 2013 | Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors. | |||
| CVE-2006-6608 | 0.00 | — | 0.03 | Dec 18, 2006 | Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access." | |||
| CVE-2004-0525 | 0.00 | — | 0.03 | Aug 6, 2004 | HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero. |
- risk 0.49cvss 7.5epss 0.02
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in…
- CVE-2014-7876Mar 31, 2015risk 0.01cvss —epss 0.13
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors.
- CVE-2013-2338Jun 14, 2013risk 0.01cvss —epss 0.11
Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2015-5435Sep 30, 2015risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors.
- CVE-2015-2106Mar 31, 2015risk 0.00cvss —epss 0.04
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.
- CVE-2013-4843Nov 18, 2013risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.
- CVE-2013-4842Nov 18, 2013risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-4805Aug 5, 2013risk 0.00cvss —epss 0.03
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.
- CVE-2006-6608Dec 18, 2006risk 0.00cvss —epss 0.03
Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access."
- CVE-2004-0525Aug 6, 2004risk 0.00cvss —epss 0.03
HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero.