Skip to main content

Integrated Lights Out 3 Firmware

9 CVEs product

Monthly

CVE-2018-7112 MEDIUM This Month

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Integrated Lights Out 2 Firmware Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware +98
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-7105 HIGH This Week

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Integrated Lights Out 5 Firmware Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware
NVD
CVSS 3.0
7.2
EPSS
4.1%
CVE-2018-7093 HIGH This Week

A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware Integrated Lights Out 5 Firmware Moonshot Chassis Manager Firmware +1
NVD
CVSS 3.0
8.6
EPSS
3.5%
CVE-2016-4379 LOW Monitor

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oracle Integrated Lights Out 3 Firmware
NVD
CVSS 3.0
3.7
EPSS
0.5%
CVE-2016-4375 CRITICAL Act Now

Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware Integrated Lights Out 4 Mrca Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2015-5435 MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-2106 MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Integrated Lights Out 2 Firmware Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2013-2338 CRITICAL Act Now

Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 22.2% and no vendor patch available.

HP RCE Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware
NVD
CVSS 2.0
10.0
EPSS
22.2%
CVE-2012-3271 CRITICAL PATCH Act Now

Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure HP Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware
NVD
CVSS 2.0
9.3
EPSS
1.4%
EPSS 1% CVSS 5.5
MEDIUM This Month

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Integrated Lights Out 2 Firmware +100
NVD
EPSS 4% CVSS 7.2
HIGH This Week

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Integrated Lights Out 5 Firmware Integrated Lights Out 3 Firmware +1
NVD
EPSS 3% CVSS 8.6
HIGH This Week

A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware +3
NVD
EPSS 0% CVSS 3.7
LOW Monitor

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oracle Integrated Lights Out 3 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Integrated Lights Out 3 Firmware +1
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Integrated Lights Out 2 Firmware +2
NVD
EPSS 22% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 22.2% and no vendor patch available.

HP RCE Integrated Lights Out 3 Firmware +1
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure HP Integrated Lights Out 3 Firmware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy