medium
5.3
Advisory Published
Updated

CVE-2020-7202

First published: Tue Jan 05 2021(Updated: )

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information.

Credit: security-alert@hpe.com

Affected SoftwareAffected VersionHow to fix
HP Integrated Lights-Out 4 Firmware<2.76
Hewlett Packard Enterprise Apollo 4200 Gen9 Server
HP Converged System CS700x
HP Converged System CS700x
HPE ProLiant BL420c Gen8 Server
HPE ProLiant BL460c Gen8 Blade Server
HPE ProLiant BL460c Gen9 Server Blade
HP ProLiant BL465c Gen8 (AMD)
HPE ProLiant bl660c Gen8 Blade Server
HPE ProLiant bl660c gen9 server blade
HPE ProLiant DL120 Gen9 Server
HPE ProLiant DL160 Gen8 Server
HPE ProLiant DL160 Gen9 Server
HP ProLiant DL180 Gen9
HPE ProLiant DL320e Gen8 v2 Server
HP ProLiant DL320e Gen8 Server Firmware
HP ProLiant DL360 Gen9
HPE ProLiant DL360e Gen8 Server
HP ProLiant DL360p Gen8 Server Firmware
HPE ProLiant DL380 Gen9 Server
HP ProLiant DL380e Gen8 Server Firmware
HPE ProLiant DL380p Gen8 Server
HP ProLiant DL385p Gen8 (AMD)
HPE ProLiant DL560 Gen8 Server
HP ProLiant DL560 Gen9 Server Firmware
HP ProLiant DL580 Gen8 Server Firmware
HPE ProLiant DL580 Gen9 Server
HP ProLiant DL60 Gen9 Server
HPE ProLiant DL80 Gen9 Server
HPE ProLiant MicroServer Gen8
HP ProLiant ML110 Gen9 Server Firmware
HP ProLiant ML30 Gen9
HP ProLiant ML310e Gen8 v2 Server
HPE ProLiant ML310e Gen8 v2 Server
HP ProLiant ML350
HPE ProLiant ML350e Gen8 v2 Server
HPE ProLiant ML350e Gen8 v2 Server
HP ProLiant ML350p Gen8 Server Firmware
HP ProLiant SL210t Gen8 Server Firmware
HPE ProLiant SL230s Gen8 Server
HP ProLiant SL250s Gen8 Server Firmware
HPE ProLiant SL270s Gen8 Server
HPE ProLiant SL270s Gen8 Server Firmware
HPE ProLiant SL4540 Gen8 Server
HPE ProLiant WS460c Gen8 Graphics Server Blade
HPE ProLiant WS460c Gen9 Graphics Server Blade
HP ProLiant XL170r Gen9 Server Firmware
HP ProLiant XL190r Gen9 Server Firmware
HPE ProLiant XL220a Gen8 v2 Server
HPE ProLiant XL230a Gen9 Server
HPE ProLiant XL250a Gen9 Server
HPE ProLiant XL450 Gen9 Server
HPE ProLiant xl730f Gen9 Server
HP ProLiant XL740f Gen9
HP ProLiant XL750f Gen9
HPE Synergy 480 Gen9 Compute Module
HP Integrated Lights-Out<2.31
HPE Apollo 4200 Gen10 Server
HPE Apollo 4510 Gen10 System
HPE Apollo R2000 Chassis
HPE ProLiant BL460c Gen10 Server Blade
HP ProLiant DL120 Gen10 Firmware
HPE ProLiant DL160 Gen10 Server
HP ProLiant DL180 Gen10
HPE ProLiant DL20 Gen10 Server firmware
HPE ProLiant DL325 Gen10 Plus Server
HPE ProLiant DL325 Gen10 Server
HPE ProLiant DL360 Gen10 Server
HPE ProLiant DL380 Gen10 Server
HPE ProLiant DL385 Gen10 Plus Server
HP ProLiant dl385 Gen10
HP ProLiant dl560 Gen10
HP ProLiant dl580 Gen10
HPE ProLiant ML110 Gen10 Server
HPE ProLiant ML30 Gen10 Server
HP ProLiant ML350
HP ProLiant xl170r Gen10
HPE ProLiant XL190r Gen10 Server
HP ProLiant XL230K Gen10 Firmware
HPE ProLiant XL270d Gen10 Server
HPE ProLiant XL450 Gen10 Server
HPE Synergy 480 Gen10 Compute Module
HPE Synergy 660 Gen10 Compute Module

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-7202?

    CVE-2020-7202 has been classified as a high-severity vulnerability due to its potential for remote exploitation.

  • How do I fix CVE-2020-7202?

    To fix CVE-2020-7202, users should update their HPE Integrated Lights-Out 5 (iLO 5) firmware to version 2.31 or later or upgrade their HPE Integrated Lights-Out 4 (iLO 4) firmware to version 2.76 or later.

  • What does CVE-2020-7202 affect?

    CVE-2020-7202 affects HPE Integrated Lights-Out 5 and Integrated Lights-Out 4 firmware, potentially allowing unauthorized access to serial numbers and other sensitive information.

  • Can CVE-2020-7202 be exploited remotely?

    Yes, CVE-2020-7202 can be exploited remotely, which poses a significant risk to affected systems.

  • What are the potential impacts of CVE-2020-7202?

    The potential impacts of CVE-2020-7202 include unauthorized information disclosure, which could lead to further attacks or system misuse.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203