Vulnerabilities > CVE-2012-3271 - Information Disclosure vulnerability in HP products

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
hp
critical
nessus

Summary

Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.

Nessus

  • NASL family: CGI abuses
    NASL id: ILO_HPSBHF_02821.NASL
    description: An information disclosure vulnerability exists in Integrated Lights-Out due to an unspecified vulnerability. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122189
    published: 2019-02-14
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122189
    title: iLO 3 < 1.50 / iLO 4 < 1.13 Information Disclosure Vulnerability
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    include("compat.inc");
    
    # Registration pass: when the engine loads the plugin with `description` set,
    # only the metadata below is recorded and the script leaves through the
    # exit(0) at the end of this block, before any check logic runs.
    if (description)
    {
      script_id(122189);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/31 15:18:51");
    
      # Identifiers that tie this finding to external advisories.
      script_cve_id("CVE-2012-3271");
      script_bugtraq_id(56597);
    
      script_name(english:"iLO 3 < 1.50 / iLO 4 < 1.13 Information Disclosure Vulnerability");
      script_summary(english:"Checks version of HP Integrated Lights-Out (iLO).");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote HP Integrated Lights-Out (iLO) server's web interface is
    affected by an information disclosure vulnerability.");
      script_set_attribute(attribute:"description", value:
    "An information disclosure vulnerability exists in Integrated 
    Lights-Out due to an unspecified vulnerability. 
    An unauthenticated, remote attacker can exploit this to 
    disclose potentially sensitive information.");
      # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03515413&docLocale=en_US
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6d1b5324");
      script_set_attribute(attribute:"solution", value:
    "For iLO 3, upgrade firmware to 1.50 or later. 
     For iLO 4, upgrade firmware to 1.13 or later.");
      # Severity is taken from the CVE entry (cvss_score_source below). The CVSS2
      # vector rates confidentiality, integrity and availability impact all as
      # complete, although the description text only speaks of information
      # disclosure.
      # NOTE(review): the CVSS3 vector is stricter on preconditions (AC:H, UI:R)
      # than the CVSS2 one (AC:M). The description calls the flaw "unspecified",
      # so treat both vectors as estimates when prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3271");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # NOTE(review): plugin 69816 for the same CVE records a patch date of
      # 2012/10/26 - confirm against the HP bulletin referenced above.
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/14");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_firmware");
      script_end_attributes();
    
      # Scheduled with the information-gathering plugins.
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Depends on ilo_detect.nasl and requires the KB keys it is expected to
      # store (www/ilo, ilo/generation, ilo/firmware). The finding is therefore
      # only as accurate as that detection, which is not shown on this page.
      script_dependencies("ilo_detect.nasl");
      script_require_keys("www/ilo", "ilo/generation", "ilo/firmware");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include('http.inc');
    include('vcf.inc');
    include('vcf_extras.inc');
    
    # Version-based check: nothing below exercises the flaw. The installed iLO
    # generation and firmware are looked up for the detected web service and
    # compared with the first fixed release for that generation.
    # NOTE(review): `embedded: TRUE` presumably lets the lookup accept embedded
    # web servers such as a management controller - confirm against http.inc.
    port = get_http_port(default:80, embedded: TRUE);
    ilo_app = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE);
    
    # First firmware release carrying the fix; each iLO generation has its own
    # version series, so the threshold is keyed by generation.
    fixed_by_generation = [
      {'generation' : '3', 'fixed_version' : '1.50'},
      {'generation' : '4', 'fixed_version' : '1.13'}
    ];
    
    # The comparison and the report are produced inside the vcf helper (not shown
    # here); a match is reported with severity SECURITY_HOLE. No paranoia gate is
    # visible in this script.
    vcf::ilo::check_version_and_report(
      app_info:ilo_app,
      constraints:fixed_by_generation,
      severity:SECURITY_HOLE
    );
    
    
  • NASL family: Misc.
    NASL id: ILO_INFO_DISCLOSURE.NASL
    description: According to its version number, the remote HP Integrated Lights-Out (iLO) server is affected by an unspecified information disclosure vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69816
    published: 2013-09-09
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/69816
    title: iLO 3 < 1.50 / iLO 4 < 1.13 Unspecified Information Disclosure
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when the engine loads the plugin with `description` set,
    # only the metadata below is recorded and the script leaves through the
    # exit(0) at the end of this block, before any check logic runs.
    if (description)
    {
      script_id(69816);
      script_version("1.2");
      script_cvs_date("Date: 2018/07/12 19:01:16");
    
      # Identifiers that tie this finding to external advisories.
      script_cve_id("CVE-2012-3271");
      script_bugtraq_id(56597);
    
      script_name(english:"iLO 3 < 1.50 / iLO 4 < 1.13 Unspecified Information Disclosure");
      script_summary(english:"Checks version of HP Integrated Lights-Out (iLO).");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote HP Integrated Lights-Out (iLO) server has an unspecified
    information disclosure vulnerability.");
      script_set_attribute(attribute:"description", value:
    "According to its version number, the remote HP Integrated Lights-Out
    (iLO) server is affected by an unspecified information disclosure
    vulnerability.");
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515413
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2300d65c");
      script_set_attribute(attribute:"solution", value:
    "For HP Integrated Lights-Out (iLO) 3, upgrade firmware to 1.50 or
    later. For iLO 4, upgrade firmware to 1.13 or later.");
      # The CVSS2 vector rates confidentiality, integrity and availability impact
      # all as complete, although the description text only speaks of information
      # disclosure. The flaw is described as "unspecified", so treat the vector
      # as an estimate when prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # NOTE(review): plugin 122189 for the same CVE records a patch date of
      # 2012/11/08 - confirm against the HP bulletin referenced above.
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/09");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      # NOTE(review): "cpe" is set twice; whether the second call appends to or
      # replaces the first depends on the engine - confirm.
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_3_firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_4_firmware");
      script_end_attributes();
    
      # Scheduled with the information-gathering plugins.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      # Settings/ParanoidReport is a required key, so this plugin is skipped
      # unless the scan is configured for paranoid reporting; a scan without it
      # will not show this finding. The other two keys are expected from
      # ilo_detect.nasl, which is not shown on this page. No port requirement is
      # declared.
      script_dependencies("ilo_detect.nasl");
      script_require_keys("Settings/ParanoidReport", "ilo/generation", "ilo/firmware");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Version-only check: the verdict rests entirely on the firmware string that
    # detection stored in the KB, so the plugin refuses to run unless the scan
    # asked for paranoid reporting.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # Generation and firmware are read together because each iLO generation has
    # its own series of firmware version numbers.
    ilo_gen = get_kb_item_or_exit("ilo/generation");
    ilo_fw = get_kb_item_or_exit("ilo/firmware");
    
    # Pick the first fixed release for this generation; any generation other
    # than 3 or 4 is audited out as not vulnerable.
    fixed_fw = NULL;
    if (ilo_gen == 3) fixed_fw = "1.50";
    else if (ilo_gen == 4) fixed_fw = "1.13";
    
    if (isnull(fixed_fw))
      audit(AUDIT_INST_VER_NOT_VULN, "iLO " + ilo_gen, ilo_fw);
    
    # Firmware at or above the fixed release is audited out as well.
    if (ver_compare(ver:ilo_fw, fix:fixed_fw, strict:FALSE) >= 0)
      audit(AUDIT_INST_VER_NOT_VULN, "iLO " + ilo_gen, ilo_fw);
    
    # The detail text is only built when report verbosity is above zero.
    details = NULL;
    if (report_verbosity > 0)
    {
      details = '\n Generation       : ' + ilo_gen;
      details += '\n Firmware version : ' + ilo_fw;
      details += '\n Fixed version    : ' + fixed_fw;
      details += '\n';
    }
    
    # The bulletin does not say which service/port is affected, so the finding
    # is attached to port 0 rather than to a specific listener.
    security_hole(port:0, extra:details);