Vulnerability Details : CVE-2018-7105
A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information.
Vulnerability category: Execute code
Products affected by CVE-2018-7105
- cpe:2.3:o:hp:integrated_lights-out_3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:integrated_lights-out_4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7105
0.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7105
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
7.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
References for CVE-2018-7105
-
http://www.securityfocus.com/bid/105425
HP Integrated Lights-Out Local Privilege Escalation and Information Disclosure VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1041649
HPE integrated Lights Out (iLO) Unspecified Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03866en_us
HPESBHF03866 rev.2 - HPE Integrated Lights-Out 3,4,5 using SSH, Remote Execution of Arbitrary Code, Local Disclosure of Sensitive InformationMitigation;Vendor Advisory
Jump to