HPE Integrated Lights-Out (iLO) - Remote Code Execution Vulnerability

Affects product: 
Airlock WAF
IDs: 
CVE-2017-12542
Keywords: 
HP, HPE, iLO, hardware
Description: 

A potential security vulnerability has been identified in HPE Integrated Lights-Out (iLO), which is used for remote administration of HP server systems. The vulnerability could be exploited remotely to allow authentication bypass and execution of code [1]. iLO 4 versions prior to 2.53 are affected.

Airlock WAF may be affected when running on an HP system running a vulnerable iLO 4 version.

Resolution: 

We recommend updating all HP systems running a vulnerable iLO 4 firmware. Firmware updates are available here [2]. Furthermore, we recommend restricting access to iLO to a trusted local network or deactivating iLO completely.
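One way to check an appliance inventory against both recommendations above, as an added example that is not part of the original advisory. The CSV column names, the host names, the sample rows and the trusted management subnet `10.20.0.0/24` are constructed assumptions; only the 2.53 threshold for iLO 4 comes from this page.

```python
import csv
import io
import ipaddress

FIXED = (2, 53)  # from the advisory: iLO 4 versions prior to 2.53 are affected
TRUSTED_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed management network

# Constructed inventory; column names and values are assumptions for this example.
INVENTORY = """host,ilo_generation,firmware,ilo_ip
waf-a,4,2.50,10.20.0.11
waf-b,4,2.53,10.20.0.12
waf-c,4,2.5,192.0.2.40
waf-d,4,2.60,198.51.100.7
waf-e,5,1.15,10.20.0.15
waf-f,4,unknown,10.20.0.16
"""

def parse_version(text):
    """Return (major, minor) as ints, or None when the value is not trustworthy.

    A one-digit minor such as "2.5" is rejected: a spreadsheet may have
    stripped the trailing zero of "2.50", so the real version is ambiguous.
    """
    parts = text.strip().split(".")
    if len(parts) != 2 or not all(p.isdigit() for p in parts) or len(parts[1]) != 2:
        return None
    return int(parts[0]), int(parts[1])

def audit(inventory_csv):
    """Map each host that needs attention to a list of reasons."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        if row["ilo_generation"] == "4":  # the advisory covers iLO 4 only
            version = parse_version(row["firmware"])
            if version is None:
                issues.append("firmware version unknown, verify manually")
            elif version < FIXED:
                issues.append("iLO 4 firmware prior to 2.53, update")
        if ipaddress.ip_address(row["ilo_ip"]) not in TRUSTED_NET:
            issues.append("iLO address outside trusted network, restrict access")
        if issues:
            findings[row["host"]] = issues
    return findings

if __name__ == "__main__":
    for host, issues in audit(INVENTORY).items():
        for issue in issues:
            print(f"{host}: {issue}")
```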

Component: 
Airlock
Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
Back-ends may be vulnerable, see resolution