Summary
HP Integrated Lights-Out is prone to an unauthorized access vulnerability.
Impact
A remote attacker can exploit this issue to gain unauthorized administrative access to the affected application. Successful exploits will completely compromise the affected computer.
Solution
Updates are available.
Insight
An unspecified vulnerability allows remote attackers to execute arbitrary code via unknown vectors.
Affected
HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.57 and 4 (aka iLO4) with firmware before 1.22, when Single-Sign-On (SSO) is used.
Detection
Check the firmware version.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-2338 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe ColdFusion Authentication Bypass Vulnerability
- Apache Tomcat Windows Installer Privilege Escalation Vulnerability
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
- 'research_display.php' SQL Injection Vulnerability