漏洞标题
N/A
漏洞描述信息
在 HPE 集成照明5(iLO 5) 软件版本中发现了隔离进程中的潜在局部任意代码执行和局部拒绝服务(DoS)漏洞:2.71 之前。非特权用户可以在本地利用此漏洞,可能在隔离进程中执行任意代码,从而导致该进程的保密性、完整性和可用性完全丧失。此外,非特权用户也可以在隔离进程中利用拒绝服务(DoS)漏洞,从而导致该进程的可用性完全丧失。成功的攻击取决于攻击者无法控制的条件。HPE 已经提供了在 HPE 集成照明5(iLO 5) 中解决此漏洞的软体更新。
CVSS信息
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Hewlett Packard Enterprise Integrated Lights-Out 5 安全漏洞
漏洞描述信息
Hewlett Packard Enterprise Integrated Lights-Out 5(iLO 5)是美国慧与(Hewlett Packard Enterprise)的一套远程控制解决方案。该方案能够对服务器等IT资产进行远程监控和运维。 Hewlett Packard Enterprise Integrated Lights-Out 5 (iLO 5) firmware 2.71之前版本存在安全漏洞。攻击者利用该漏洞执行任意代码,从而导致系统完全丧失机密性、完整性和可用性。
CVSS信息
N/A
漏洞类别
其他