CVE-2016-4379

CWE-3103 documents3 sources
Severity
3.7LOW
EPSS
0.5%
top 35.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
HP Integrated Lights-out 3 Firmware
Timeline
PublishedSep 8
Latest updateMay 17

Description

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-66rr-2jf5-q2c5: The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 12022-05-17
CVEList
CVE-2016-4379: The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 12016-09-08
CVE-2016-4379 (LOW CVSS 3.7) | The TLS implementation in HPE Integ | cvebase.io