CVE-2022-28626 : A local arbitrary code execution vulnerability was discovered in HPE Integrated

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).

Published 2022-08-12 15:15:14

Updated 2022-08-16 14:47:55

Source Hewlett Packard Enterprise (HPE)

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2022-28626

HPE » Integrated Lights-out 5 Firmware
Versions before (<) 2.71
cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HPE » Apollo 2000 Gen10 Plus System » Version: N/A
When used together with: HPE » Apollo 4200 Gen10 Server » Version: N/A
When used together with: HPE » Apollo 4510 Gen10 System » Version: N/A
When used together with: HPE » Apollo 6500 Gen10 Plus System » Version: N/A
When used together with: HPE » Apollo 6500 Gen10 System » Version: N/A
When used together with: HPE » Apollo N2600 Gen10 Plus » Version: N/A
When used together with: HPE » Apollo N2800 Gen10 Plus » Version: N/A
When used together with: HPE » Apollo R2600 Gen10 » Version: N/A
When used together with: HPE » Apollo R2800 Gen10 » Version: N/A
When used together with: HPE » Edgeline E920 Server Blade » Version: N/A
When used together with: HPE » Edgeline E920d Server Blade » Version: N/A
When used together with: HPE » Edgeline E920t Server Blade » Version: N/A
When used together with: HPE » Proliant Bl460c Gen10 Server Blade » Version: N/A
When used together with: HPE » Proliant Dl110 Gen10 Plus Telco Server » Version: N/A
When used together with: HPE » Proliant Dl120 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl160 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl180 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl20 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl20 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl325 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl325 Gen10 Plus V2 Server » Version: N/A
When used together with: HPE » Proliant Dl325 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl345 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl360 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl360 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl365 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl380 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl380 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl385 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl385 Gen10 Plus V2 Server » Version: N/A
When used together with: HPE » Proliant Dl385 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl560 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl580 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx170r Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx190r Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx220n Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dx325 Gen10 Plus V2 Server » Version: N/A
When used together with: HPE » Proliant Dx360 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dx360 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx380 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dx380 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx385 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dx385 Gen10 Plus V2 Server » Version: N/A
When used together with: HPE » Proliant Dx4200 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx560 Gen10 Server » Version: N/A
When used together with: HPE » Proliant E910 Server Blade » Version: N/A
When used together with: HPE » Proliant E910t Server Blade » Version: N/A
When used together with: HPE » Proliant M750 Server Blade » Version: N/A
When used together with: HPE » Proliant Microserver Gen10 Plus » Version: N/A
When used together with: HPE » Proliant Ml110 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Ml30 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Ml30 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Ml350 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl170r Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl190r Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl220n Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Xl225n Gen10 Plus 1u Node » Version: N/A
When used together with: HPE » Proliant Xl230k Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl270d Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl290n Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Xl420 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl450 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl645d Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Xl675d Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Xl925g Gen10 Plus Server » Version: N/A
When used together with: HPE » Storage File Controller » Version: N/A
When used together with: HPE » Storage Performance File Controller » Version: N/A
When used together with: HPE » Storeeasy 1460 Storage » Version: N/A
When used together with: HPE » Storeeasy 1560 Storage » Version: N/A
When used together with: HPE » Storeeasy 1660 Expanded Storage » Version: N/A
When used together with: HPE » Storeeasy 1660 Performance Storage » Version: N/A
When used together with: HPE » Storeeasy 1660 Storage » Version: N/A
When used together with: HPE » Storeeasy 1860 Performance Storage » Version: N/A
When used together with: HPE » Storeeasy 1860 Storage » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-28626

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-28626

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2022-28626

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us

Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-28626

Products affected by CVE-2022-28626

Exploit prediction scoring system (EPSS) score for CVE-2022-28626

CVSS scores for CVE-2022-28626

References for CVE-2022-28626