CVE-2015-5436 : A potential security vulnerability has been identified with HP Integrated Lights

A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020.

Published 2017-05-11 14:29:47

Updated 2023-02-14 19:24:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-5436

HP » Integrated Lights-out Firmware
Versions before (<) 2.30
cpe:2.3:o:hp:integrated_lights-out_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Integrated Lights-out 4 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2015-5436

EPSS FAQ

0.55%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-5436

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2015-5436

https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165

HPSBHF03423 rev.1 - HP Integrated Lights-Out 4 (iLO 4), Remote Denial of Service (DoS)
Vendor Advisory

Jump to

Vulnerability Details : CVE-2015-5436

Products affected by CVE-2015-5436

Exploit prediction scoring system (EPSS) score for CVE-2015-5436

CVSS scores for CVE-2015-5436

References for CVE-2015-5436