Vulnerability Name: CVE-2022-28638 (CCN-236671)

Assigned: 2022-09-15
Published: 2022-09-15
Updated: 2022-09-23
Summary: An isolated local information disclosure vulnerability and a potential isolated local arbitrary code execution vulnerability, which could lead to a loss of confidentiality, integrity, and availability, were discovered in HPE Integrated Lights-Out 5 (iLO 5) version 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.
CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
5.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L)
4.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 3.5 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): Single Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2022-28638

Source: XF
Type: UNKNOWN
hpe-cve202228638-code-exec(236671)

Source: CCN
Type: HPESBHF04365 rev.1
HPE Integrated Lights-Out 5 (iLO 5), Multiple Local Vulnerabilities

Source: MISC
Type: Vendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04365en_us

Vulnerable Configuration: Configuration 1:
  • cpe:/o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:* (Version < 2.72)
  • AND
  • cpe:/h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx170r_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx190r_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx360_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx380_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx4200_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx560_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hp:apollo_4200_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hp:apollo_4500:-:*:*:*:*:*:*:*
  • OR cpe:/h:hp:apollo_r2000_chassis:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_6500_gen10_plus:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx220n_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx325_gen10_plus_v2_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx360_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx380_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dx385_gen10_plus_v2_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_xl420_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_xl925g_gen10_plus_1u_4-node_configure-to-order_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_4200_gen10_plus_system:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:integrated_lights-out_5:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storage_file_controller:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storage_performance_file_controller:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1660_performance_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1860_performance_storage:-:*:*:*:*:*:*:*
  • OR cpe:/h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*
