Vulnerabilities > CVE-2018-7078 - Unspecified vulnerability in HP products
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30.
Vulnerable Configurations
Nessus
| NASL family | CGI abuses |
| NASL id | ILO_HPESBHF_03844.NASL |
| description | According to its version number, the remote HP Integrated Lights-Out (iLO) server is affected by multiple vulnerabilities: - A remote command execution vulnerability exists in HP Integrated Lights-Out (iLO) server due to an unspecified reason. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the server (CVE-2018-7078). - A denial of service (DoS) vulnerability exists in HP Integrated Lights-Out (iLO) server due to unspecified reason. An unauthenticated, remote attacker can exploit this issue to cause the application to stop responding (CVE-2018-7101). |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 122032 |
| published | 2019-02-08 |
| reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/122032 |
| title | iLO 4 < 2.60 / iLO 5 < 1.30 Multiple Vulnerabilities |