SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   HPE integrated Lights Out (iLO) Vendors:   HPE
HP Integrated Lights Out May Let Remote Users Access the System When Powered Down
SecurityTracker Alert ID:  1014658
SecurityTracker URL:  http://securitytracker.com/id/1014658
CVE Reference:   CVE-2005-2552   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Aug 11 2005
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): HP ProLiant DL585 ILO firmware prior to version 1.82
Description:   A vulnerability was reported in HP Integrated Lights Out on HP's ProLiant DL585 Server. A remote user can gain access to the system.

A remote user may be able to gain access to the server controls when the target server is powered down.

Only some ProLiant DL585 servers are affected. No other models are affected.

The vendor discovered this vulnerability.

No further details were provided.

Impact:   A remote user can gain access to the target system when it is powered down.
Solution:   The vendor has issued a fixed version (1.82).

Online ROM Flash Component for Windows - HP Integrated Lights-Out:

http://h18023.www1.hp.com/support/files/server/us/download/23468.html

Online ROM Flash Component for Linux - HP Integrated Lights-Out:

http://h18023.www1.hp.com/support/files/server/us/download/23469.html

Offline ROM Flash for SmartStart Maintenance: ROM Update Utility - Integrated Lights-Out:

http://h18023.www1.hp.com/support/files/server/us/download/23563.html

As a workaround, you can unplug the power cord whenever the server is powered down.

Vendor URL:  www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01220 (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC