{"id":3553,"date":"2017-08-25T02:21:00","date_gmt":"2017-08-25T00:21:00","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=3553"},"modified":"2022-05-17T00:10:51","modified_gmt":"2022-05-16T22:10:51","slug":"critical-vulnerability-in-hpe-integrated-lights-out-4-ilo-4","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/08\/25\/critical-vulnerability-in-hpe-integrated-lights-out-4-ilo-4\/","title":{"rendered":"Critical vulnerability in HPE Integrated Lights-out 4 (iLO 4)"},"content":{"rendered":"

[German<\/a>]The management software Integrated Lights-out 4 (iLO 4) for HP-Proliant Server has a critical vulnerability, allowing remote code execution on a system without login. <\/p>\n

<\/p>\n

Critical vulnerability \u2013 urgent patch required<\/h2>\n

Hewlett Packard's Enterprise (HPE) Product Security Response Team has released this SECURITY BULLETIN<\/a>. In Integrated Lights-out 4 (iLO 4) is a critical vulnerability (CVE-2017-12542) that allows attackers a code execution on a system without login. <\/p>\n

Affected are all HP Integrated Lights-Out 4 (iLO 4) versions before 2.53. The vulnerability has been detected by Fabien Perigaud, Airbus Defense and Space CyberSecurity. HPE quotes the vulnerability as critical, a patch should be applied as early as possible.<\/p>\n

Hot to get the firmware<\/h2>\n

HPE provides a new firmware on this web page www.hpe.com\/support\/ilo4. But it's a challenged, to find the rigt download (see Screenshot). <\/p>\n

\"HPE<\/p>\n

This German Walktrough<\/a> says, you need to select 'Microsoft Windows Server 2016' as operating system. The the category 'Software – Lights-Out Management (6)' schall apper. Select under 'Firmware – Lights-Out Management' <\/p>\n

\n

* RECOMMENDED * Online ROM Flash Component for Windows – HPE Integrated Lights-Out 4 (American) 2.54 7 Jul 2017 13.6<\/p>\n<\/blockquote>\n

But there are two identical entries, so use the one that downloads a file cp032623.exe<\/em>. Here is a direct link to download page. The .exe file is a self unpacking archiver, containing a .bin <\/em>file, that can be installed using iLO. <\/p>\n

\n

Use an unpacker like 7-ZIP to expand the files unter Linux or MacOS. Or download the firmware updates a rpm or scexe.<\/p>\n<\/blockquote>\n

Within this German comment<\/a> an administrator reports, that installing the firmware clears all settings. Perhaps it helps blog readers who are affected.<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]The management software Integrated Lights-out 4 (iLO 4) for HP-Proliant Server has a critical vulnerability, allowing remote code execution on a system without login.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,463,580,22],"tags":[992,195,86],"class_list":["post-3553","post","type-post","status-publish","format-standard","hentry","category-devices","category-issue","category-security","category-update","tag-cve-2017-12542","tag-update","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/3553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=3553"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/3553\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=3553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=3553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=3553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}