First published: Thu Aug 11 2022(Updated: )
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A low privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Hpe Integrated Lights-out 5 Firmware | <2.71 | |
Hpe Apollo 2000 Gen10 Plus System | ||
Hpe Apollo 4200 Gen10 Server | ||
Hpe Apollo 4510 Gen10 System | ||
Hpe Apollo 6500 Gen10 Plus System | ||
Hpe Apollo 6500 Gen10 System | ||
Hpe Apollo N2600 Gen10 Plus | ||
Hpe Apollo N2800 Gen10 Plus | ||
Hpe Apollo R2600 Gen10 | ||
Hpe Apollo R2800 Gen10 | ||
Hpe Edgeline E920 Server Blade | ||
Hpe Edgeline E920d Server Blade | ||
Hpe Edgeline E920t Server Blade | ||
Hpe Proliant Bl460c Gen10 Server Blade | ||
Hpe Proliant Dl110 Gen10 Plus Telco Server | ||
Hpe Proliant Dl120 Gen10 Server | ||
Hpe Proliant Dl160 Gen10 Server | ||
Hpe Proliant Dl180 Gen10 Server | ||
Hpe Proliant Dl20 Gen10 Plus Server | ||
Hpe Proliant Dl20 Gen10 Server | ||
Hpe Proliant Dl325 Gen10 Plus Server | ||
Hpe Proliant Dl325 Gen10 Plus V2 Server | ||
Hpe Proliant Dl325 Gen10 Server | ||
Hpe Proliant Dl345 Gen10 Plus Server | ||
Hpe Proliant Dl360 Gen10 Plus Server | ||
Hpe Proliant Dl360 Gen10 Server | ||
Hpe Proliant Dl365 Gen10 Plus Server | ||
Hpe Proliant Dl380 Gen10 Plus Server | ||
Hpe Proliant Dl380 Gen10 Server | ||
Hpe Proliant Dl385 Gen10 Plus Server | ||
Hpe Proliant Dl385 Gen10 Plus V2 Server | ||
Hpe Proliant Dl385 Gen10 Server | ||
Hpe Proliant Dl560 Gen10 Server | ||
Hpe Proliant Dl580 Gen10 Server | ||
Hpe Proliant Dx170r Gen10 Server | ||
Hpe Proliant Dx190r Gen10 Server | ||
Hpe Proliant Dx220n Gen10 Plus Server | ||
Hpe Proliant Dx325 Gen10 Plus V2 Server | ||
Hpe Proliant Dx360 Gen10 Plus Server | ||
Hpe Proliant Dx360 Gen10 Server | ||
Hpe Proliant Dx380 Gen10 Plus Server | ||
Hpe Proliant Dx380 Gen10 Server | ||
Hpe Proliant Dx385 Gen10 Plus Server | ||
Hpe Proliant Dx385 Gen10 Plus V2 Server | ||
Hpe Proliant Dx4200 Gen10 Server | ||
Hpe Proliant Dx560 Gen10 Server | ||
Hpe Proliant E910 Server Blade | ||
Hpe Proliant E910t Server Blade | ||
Hpe Proliant M750 Server Blade | ||
HPE ProLiant MicroServer Gen10 Plus | ||
Hpe Proliant Ml110 Gen10 Server | ||
Hpe Proliant Ml30 Gen10 Plus Server | ||
Hpe Proliant Ml30 Gen10 Server | ||
Hpe Proliant Ml350 Gen10 Server | ||
Hpe Proliant Xl170r Gen10 Server | ||
Hpe Proliant Xl190r Gen10 Server | ||
Hpe Proliant Xl220n Gen10 Plus Server | ||
Hpe Proliant Xl225n Gen10 Plus 1u Node | ||
Hpe Proliant Xl230k Gen10 Server | ||
Hpe Proliant Xl270d Gen10 Server | ||
Hpe Proliant Xl290n Gen10 Plus Server | ||
Hpe Proliant Xl420 Gen10 Server | ||
Hpe Proliant Xl450 Gen10 Server | ||
Hpe Proliant Xl645d Gen10 Plus Server | ||
Hpe Proliant Xl675d Gen10 Plus Server | ||
Hpe Proliant Xl925g Gen10 Plus Server | ||
Hpe Storage File Controller | ||
Hpe Storage Performance File Controller | ||
Hpe Storeeasy 1460 Storage | ||
Hpe Storeeasy 1560 Storage | ||
Hpe Storeeasy 1660 Expanded Storage | ||
Hpe Storeeasy 1660 Performance Storage | ||
Hpe Storeeasy 1660 Storage | ||
Hpe Storeeasy 1860 Performance Storage | ||
Hpe Storeeasy 1860 Storage |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-28629 is a local arbitrary code execution vulnerability in HPE Integrated Lights-Out 5 (iLO 5) firmware versions prior to 2.71.
CVE-2022-28629 has a severity rating of 7.8, classified as high.
A low privileged user could locally exploit CVE-2022-28629 to execute arbitrary code, resulting in a complete loss of confidentiality, integrity, and availability.
HPE Integrated Lights-Out 5 (iLO 5) firmware versions prior to 2.71 are affected by CVE-2022-28629.
For more information about CVE-2022-28629, you can visit the reference provided by HPE: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us.