Integrated Lights Out Firmware
CVE-2015-5436
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020.
AnalysisAI
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020. Affected products include: Hp Integrated Lights-Out Firmware. Version information: version 2.11.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated use
A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. Rated medium severity (CVSS 6
Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote at
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today