Vulnerabilities > CVE-2018-7105 - Unspecified vulnerability in HP products

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

nessus

NVD

Published: 2018-09-27

Updated: 2019-10-03

Summary

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP Integrated Lights OUT 5 Firmware 1.30 HP Integrated Lights OUT 3 Firmware 1.00 HP Integrated Lights OUT 3 Firmware 1.05 HP Integrated Lights OUT 3 Firmware 1.20 HP Integrated Lights OUT 3 Firmware 1.26 HP Integrated Lights OUT 3 Firmware 1.28 HP Integrated Lights OUT 3 Firmware 1.50 HP Integrated Lights OUT 3 Firmware 1.55 HP Integrated Lights OUT 3 Firmware 1.80 HP Integrated Lights OUT 3 Firmware 1.87 HP Integrated Lights OUT 3 Firmware 1.88 HP Integrated Lights OUT 3 Firmware 1.89 HP Integrated Lights OUT 4 Firmware 1.11 HP Integrated Lights OUT 4 Firmware 1.13 HP Integrated Lights OUT 4 Firmware 1.20 HP Integrated Lights OUT 4 Firmware 1.51 HP Integrated Lights OUT 4 Firmware 1.52 HP Integrated Lights OUT 4 Firmware 1.58 HP Integrated Lights OUT 4 Firmware 2.01 HP Integrated Lights OUT 4 Firmware 2.03 HP Integrated Lights OUT 4 Firmware 2.30 HP Integrated Lights OUT 4 Firmware 2.43 HP Integrated Lights OUT 4 Firmware 2.53 HP Integrated Lights OUT 4 Firmware 2.54 HP Integrated Lights OUT 4 Firmware 2.55 HP Integrated Lights OUT 4 Firmware 2.55B HP Integrated Lights OUT 4 Firmware 2.60	27
Hardware	Hp HP GEN 10 Servers - HP Integrated Lights OUT -	2

Nessus

NASL family	CGI abuses
NASL id	ILO_HPESBHF_03866.NASL
description	A remote command execution vulnerability exists in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information. An authenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.
last seen	2020-04-01
modified	2020-03-27
plugin id	134976
published	2020-03-27
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134976
title	iLO 3 < 1.90 / iLO 4 < 2.61 / iLO 5 < 1.35 Remote Code Execution Vulnerability (HPESBHF03866)
code	# # (C) Tenable Network Security, Inc. # # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(134976); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/31"); script_cve_id("CVE-2018-7105"); script_bugtraq_id(105425); script_name(english:"iLO 3 < 1.90 / iLO 4 < 2.61 / iLO 5 < 1.35 Remote Code Execution Vulnerability (HPESBHF03866)"); script_set_attribute(attribute:"synopsis", value: "The remote HP Integrated Lights-Out (iLO) server's web interface is affected by a remote code execution vulnerability."); script_set_attribute(attribute:"description", value: "A remote command execution vulnerability exists in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information. An authenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands."); # https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03866en_us script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?27f0bcb2"); script_set_attribute(attribute:"solution", value: "Upgrade firmware of For iLO 3, upgrade firmware to 1.90 or later. For iLO 4, upgrade firmware to 2.61 or later. For iLO 5, upgrade firmware to 1.35 or later. Alternatively, apply the workarounds outlined in the vendor advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7105"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/13"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/27"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_firmware"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ilo_detect.nasl"); script_require_keys("www/ilo", "ilo/generation", "ilo/firmware"); script_require_ports("Services/www", 80); exit(0); } include('http.inc'); include('vcf.inc'); include('vcf_extras.inc'); port = get_http_port(default:80, embedded: TRUE); app_info = vcf::get_app_info(app:'ilo', port:port, webapp:TRUE); constraints = [ {'generation': '3', 'fixed_version' : '1.90'}, {'generation': '4', 'fixed_version' : '2.61'}, {'generation': '5', 'fixed_version' : '1.35'} ]; vcf::ilo::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

Summary

Vulnerable Configurations

Nessus

References