CVE-2017-12543 — Sensitive Information Exposure in HP Moonshot Remote Console Administrator

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 42.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Integrated Lights-out 2 Firmware HP Integrated Lights-out 3 Firmware HP Integrated Lights-out 4 Firmware +2 more

Timeline

PublishedFeb 15

Latest updateMay 14

Description

A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶NVDhp/moonshot_remote_console_administrator< 2.50

▶NVDhp/integrated_lights-out_2_firmware< 2.30

▶NVDhp/integrated_lights-out_3_firmware< 1.89

▶NVDhp/integrated_lights-out_4_firmware< 2.53

▶CVEListV5hewlett_packard_enterprise/integrated_lights-out_4Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30

🔴Vulnerability Details

GHSA

GHSA-qwh9-2cm6-p4rq: A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2↗2022-05-14

▶

CVEList

CVE-2017-12543: A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2↗2018-02-15

▶