CVE-2020-7202

CWE-200 — Information Exposure3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.5%

top 35.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Integrated Lights-out 4 HP Integrated Lights-out 5

Timeline

PublishedJan 5

Latest updateMay 24

Description

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDhp/integrated_lights-out_4< 2.76

▶NVDhp/integrated_lights-out_5< 2.31

🔴Vulnerability Details

GHSA

GHSA-p35j-j49h-qh9f: A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware↗2022-05-24

▶

CVEList

CVE-2020-7202: A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware↗2021-01-05

▶