Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On

Published: 2013-06-20
Last Updated: 2013-06-20 01:39:36 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

HP released a security bulletin on a potential remote unauthorized access with HP Integrated Lights-Out iLO3/iLO4 using Single-Sign-On.

CVE-2013-2338 has been assigned and the following versions are impacted:

HP Integrated Lights-Out 3 (iLO3) firmware versions prior to v1.57.
HP Integrated Lights-Out 4 (iLO4) firmware versions prior to v1.22.

If you are impacted, HP recommends upgrading as soon as possible. The current version is available here.



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

0 comment(s)
Diary Archives