Posts

iLO3 and iLO4 affected by unauthorized access vulnerability

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO). The vulnerability could be remotely exploited resulting in unauthorized access.

References: CVE-2013-2338 (SSRT101180)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Integrated Lights-Out 3 (iLO3) firmware versions prior to v1.57.
HP Integrated Lights-Out 4 (iLO4) firmware versions prior to v1.22.

More information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03787836