Vulnerabilities > CVE-2014-2601 - Remote Denial of Service vulnerability in HP Integrated Lights-Out
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.
Vulnerable Configurations
Nessus
NASL family CGI abuses NASL id ILO_V2_DOS.NASL description According to its version number, the remote HP Integrated Lights-Out 2 (iLO 2) server is affected by a denial of service vulnerability. While iLO 2 is not affected by the Heartbleed vulnerability, network traffic from generated by tools used to test for that may cause this device to crash. last seen 2020-06-01 modified 2020-06-02 plugin id 73918 published 2014-05-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73918 title HP iLO 2 <= 2.23 DoS NASL family CGI abuses NASL id ILO_HPSBHF_03006.NASL description A denial of service (DoS) vulnerability exists in Integrated Lights-Out (iLO) 2 due to incorrect handling of https traffic. An unauthenticated, remote attacker can exploit this issue to cause the application to stop responding. last seen 2020-06-01 modified 2020-06-02 plugin id 122257 published 2019-02-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122257 title iLO 2 <= 2.23 Denial of Service Vulnerability
References
- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04249852-1
- http://www.securitytracker.com/id/1030148
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787
- https://isc.sans.edu/forums/diary/Be+Careful+what+you+Scan+for/18017/