Want to know how easy it is to bypass authentication measures in an HPE Integrated Lights-Out 4 (iLO 4) server? Make a cURL request and then type the letter "A" 29 times.

As noted by BleepingComputer, the vulnerability affecting these servers was found last year by a group of three security researchers, who detailed their findings in a research paper.

curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

According to the paper, the vulnerability can be exploited remotely as well. Using this exploit, someone could find cleartext user credentials, change the iLO firmware, or execute malicious code, the paper said.

As noted by BleepingComputer, the vulnerability was discovered in early 2017 and was actually patched in August 2017. The vulnerability (CVE-2017-12542) is rated a 9.8 out of 10, making it critical.

According to the bulletin, only HP iLO 4 servers running firmware version 2.53 or earlier were affected. Admins can find the original HPE security bulletin here.
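As an added, defender-side example that is not code from the article, HPE's bulletin, or the researchers' paper, the following Python checks the two facts the text gives an administrator to work with: whether an iLO 4 firmware version string falls in the affected range (2.53 or earlier, as the bulletin is reported above) and whether an inbound HTTP request carries the oversized Connection header the bypass relies on. The 28-character tolerance, the minimal header parser and the sample requests are assumptions constructed for this example.

```python
"""Checks for the iLO 4 authentication bypass (CVE-2017-12542).

Constructed example; not code from the article, HPE, or the researchers.
Assumption: a legitimate Connection header only carries short tokens such
as keep-alive, close or upgrade, so a value as long as the 29-byte one
quoted in the article is treated as a bypass attempt.
"""
import re
from typing import Dict, Tuple

# Longest Connection value tolerated (assumed); the published bypass uses 29 bytes.
MAX_CONNECTION_LEN = 28
# Affected range taken from the bulletin as reported: 2.53 or earlier.
LAST_AFFECTED = (2, 53)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.53' or 'iLO 4 v2.40' into a comparable tuple of ints."""
    match = re.search(r"(\d+)\.(\d+)", text)
    if not match:
        raise ValueError("no version number in %r" % text)
    return tuple(int(part) for part in match.groups())


def is_affected_version(version: str) -> bool:
    """True when the firmware is in the affected range (2.53 or earlier)."""
    return parse_version(version) <= LAST_AFFECTED


def parse_headers(raw_request: str) -> Dict[str, str]:
    """Map lower-cased header names to values for a raw HTTP/1.1 request."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:  # skip the request line
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def is_bypass_attempt(raw_request: str) -> bool:
    """Flag a request whose Connection header is too long to be a real token list."""
    value = parse_headers(raw_request).get("connection", "")
    return len(value) > MAX_CONNECTION_LEN


# Constructed sample traffic: one ordinary request, one carrying 29 "A"s.
BENIGN_REQUEST = "GET / HTTP/1.1\r\nHost: ilo.example.internal\r\nConnection: keep-alive\r\n\r\n"
SUSPECT_REQUEST = "GET / HTTP/1.1\r\nHost: ilo.example.internal\r\nConnection: " + "A" * 29 + "\r\n\r\n"

if __name__ == "__main__":
    print("benign flagged:", is_bypass_attempt(BENIGN_REQUEST))    # False
    print("suspect flagged:", is_bypass_attempt(SUSPECT_REQUEST))  # True
    print("2.40 affected:", is_affected_version("iLO 4 v2.40"))    # True
```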