CVE-2022-28633 : A local disclosure of sensitive information and a local unauthorized data modifi

A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file system resulting in a complete loss of confidentiality and a partial loss of integrity and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).

Published 2022-08-12 15:15:14

Updated 2022-08-16 14:38:15

Source Hewlett Packard Enterprise (HPE)

View at NVD, CVE.org

Products affected by CVE-2022-28633

HPE » Integrated Lights-out 5 Firmware
Versions before (<) 2.71
cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HPE » Apollo 2000 Gen10 Plus System » Version: N/A
When used together with: HPE » Apollo 4200 Gen10 Server » Version: N/A
When used together with: HPE » Apollo 4510 Gen10 System » Version: N/A
When used together with: HPE » Apollo 6500 Gen10 Plus System » Version: N/A
When used together with: HPE » Apollo 6500 Gen10 System » Version: N/A
When used together with: HPE » Apollo N2600 Gen10 Plus » Version: N/A
When used together with: HPE » Apollo N2800 Gen10 Plus » Version: N/A
When used together with: HPE » Apollo R2600 Gen10 » Version: N/A
When used together with: HPE » Apollo R2800 Gen10 » Version: N/A
When used together with: HPE » Edgeline E920 Server Blade » Version: N/A
When used together with: HPE » Edgeline E920d Server Blade » Version: N/A
When used together with: HPE » Edgeline E920t Server Blade » Version: N/A
When used together with: HPE » Proliant Bl460c Gen10 Server Blade » Version: N/A
When used together with: HPE » Proliant Dl110 Gen10 Plus Telco Server » Version: N/A
When used together with: HPE » Proliant Dl120 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl160 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl180 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl20 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl20 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl325 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl325 Gen10 Plus V2 Server » Version: N/A
When used together with: HPE » Proliant Dl325 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl345 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl360 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl360 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl365 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl380 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl380 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl385 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dl385 Gen10 Plus V2 Server » Version: N/A
When used together with: HPE » Proliant Dl385 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl560 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dl580 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx170r Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx190r Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx220n Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dx325 Gen10 Plus V2 Server » Version: N/A
When used together with: HPE » Proliant Dx360 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dx360 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx380 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dx380 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx385 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Dx385 Gen10 Plus V2 Server » Version: N/A
When used together with: HPE » Proliant Dx4200 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Dx560 Gen10 Server » Version: N/A
When used together with: HPE » Proliant E910 Server Blade » Version: N/A
When used together with: HPE » Proliant E910t Server Blade » Version: N/A
When used together with: HPE » Proliant M750 Server Blade » Version: N/A
When used together with: HPE » Proliant Microserver Gen10 Plus » Version: N/A
When used together with: HPE » Proliant Ml110 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Ml30 Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Ml30 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Ml350 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl170r Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl190r Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl220n Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Xl225n Gen10 Plus 1u Node » Version: N/A
When used together with: HPE » Proliant Xl230k Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl270d Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl290n Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Xl420 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl450 Gen10 Server » Version: N/A
When used together with: HPE » Proliant Xl645d Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Xl675d Gen10 Plus Server » Version: N/A
When used together with: HPE » Proliant Xl925g Gen10 Plus Server » Version: N/A
When used together with: HPE » Storage File Controller » Version: N/A
When used together with: HPE » Storage Performance File Controller » Version: N/A
When used together with: HPE » Storeeasy 1460 Storage » Version: N/A
When used together with: HPE » Storeeasy 1560 Storage » Version: N/A
When used together with: HPE » Storeeasy 1660 Expanded Storage » Version: N/A
When used together with: HPE » Storeeasy 1660 Performance Storage » Version: N/A
When used together with: HPE » Storeeasy 1660 Storage » Version: N/A
When used together with: HPE » Storeeasy 1860 Performance Storage » Version: N/A
When used together with: HPE » Storeeasy 1860 Storage » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-28633

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-28633

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.3	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L	2.5	4.7	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: Low Availability: Low

References for CVE-2022-28633

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us

Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-28633

Products affected by CVE-2022-28633

Exploit prediction scoring system (EPSS) score for CVE-2022-28633

CVSS scores for CVE-2022-28633

References for CVE-2022-28633