CVE-2013-2338 — HP Integrated Lights-out 3 Firmware vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

22.2%

top 4.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Integrated Lights-out 3 Firmware HP Integrated Lights-out 4 Firmware

Timeline

PublishedJun 14

Latest updateMay 13

Description

Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDhp/integrated_lights-out_3_firmware1.55+6

▶NVDhp/integrated_lights-out_4_firmware1.20+2

🔴Vulnerability Details

GHSA

GHSA-w5qx-q47h-98vx: Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1↗2022-05-13

▶

CVEList

CVE-2013-2338: Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1↗2013-06-14

▶