A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial loss of availability. User interaction is required to exploit this vulnerability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
Attack Vector Local
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact Low
User Interaction Required
No CVSS v3.0
No CVSS v2
Vendors | Products |
---|---|
Hpe |
|
Configuration 1 [-]
AND |
|
References
Link | Resource |
---|---|
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hpe
Published: 2022-08-11T17:17:05
Updated: 2022-08-11T17:17:05
Reserved: 2022-04-04T00:00:00
Link: CVE-2022-28630
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-12T15:15:14.210
Modified: 2022-08-16T14:41:16.110
Link: CVE-2022-28630
JSON object: View
Redhat Information
No data.
CWE