CVE-2022-28633
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/08/2022
Last modified:
16/08/2022
Description
A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file system resulting in a complete loss of confidentiality and a partial loss of integrity and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
Impact
Base Score 3.x
7.30
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:* | 2.71 (excluding) | |
| cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page