⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2017-12542: HP Integrated Lights-out 4 Firmware vulnerability

6 documents, 6 sources
Severity
10.0 CRITICAL (NVD)
EPSS
94.3%
top 0.07%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Timeline
Published: Feb 15
Latest update: May 14

Description

An authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) versions prior to 2.53 was found.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0

Affected Packages: 2 packages

🔴Vulnerability Details

3
GHSA
GHSA-7m3v-cw5q-g499: A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2 (2022-05-14)
CVEList
CVE-2017-12542: A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2 (2018-02-15)
VulnCheck
HPE Integrated Lights-out 4 Code Execution (2017)

💥Exploits & PoCs

2
Exploit-DB
HPE iLO 4 < 2.53 - Add New Administrator User (2018-02-05)
Nuclei
HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass