A severe security vulnerability has been identified in HPE Integrated Lights-Out (iLO), which is used for remote administration of HP server systems. The vulnerability can be exploited remotely to allow authentication bypass and execution of code [1]. iLO 4 versions prior to 2.53 are affected.
Airlock WAF is affected when it runs on an HP system with a vulnerable iLO 4 version.
The attack complexity for this vulnerability is very low and exploits are publicly available [3].
We strongly recommend updating all HP systems running a vulnerable iLO 4 firmware. Firmware updates are available here [2]. Further, we recommend restricting access to iLO to a trusted local network or deactivating iLO completely.
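To find the systems this recommendation applies to, the following added example (not part of the original advisory or of any HPE tooling) classifies collected iLO inventory documents against the 2.53 threshold. The XML is constructed sample data; its layout (`MP/PN` for the product name, `MP/FWRI` for the firmware version) and the host names are assumptions.

```python
import xml.etree.ElementTree as ET

# First iLO 4 firmware version the advisory does not list as affected.
FIXED = (2, 53)

# Constructed sample inventory: host name -> collected XML document.
# Host names and XML layout are assumptions for illustration.
SAMPLE = {
    "ilo-a.example.internal": "<RIMP><MP><PN>Integrated Lights-Out 4 (iLO 4)</PN><FWRI>2.50</FWRI></MP></RIMP>",
    "ilo-b.example.internal": "<RIMP><MP><PN>Integrated Lights-Out 4 (iLO 4)</PN><FWRI>2.53</FWRI></MP></RIMP>",
    "ilo-c.example.internal": "<RIMP><MP><PN>Integrated Lights-Out 5 (iLO 5)</PN><FWRI>1.20</FWRI></MP></RIMP>",
    "ilo-d.example.internal": "<RIMP><MP><PN>Integrated Lights-Out 4 (iLO 4)</PN><FWRI>1.40</FWRI></MP></RIMP>",
    "ilo-e.example.internal": "<RIMP><MP>",  # truncated response
}


def parse_version(text):
    """Turn '2.50' into (2, 50); raise ValueError for any other shape."""
    major, minor = text.strip().split(".")
    return int(major), int(minor)


def classify(xml_text):
    """Return 'vulnerable', 'ok', 'not-ilo4' or 'unknown' for one document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return "unknown"
    product = root.findtext("./MP/PN")
    if product is None:
        return "unknown"
    if "iLO 4" not in product:
        return "not-ilo4"  # the advisory only covers iLO 4
    try:
        version = parse_version(root.findtext("./MP/FWRI") or "")
    except ValueError:
        return "unknown"  # treat unreadable versions as needing manual review
    return "vulnerable" if version < FIXED else "ok"


def audit(inventory):
    """Classify every host in a {host: xml_document} mapping."""
    return {host: classify(doc) for host, doc in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` should be checked by hand rather than assumed patched.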