Vulnerabilities > CVE-2023-50272 - Unspecified vulnerability in HPE products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

hpe

critical

NVD

Published: 2023-12-19

Updated: 2023-12-28

Summary

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.

Vulnerable Configurations

Part	Description	Count
OS	Hpe HPE Integrated Lights OUT 5 Firmware 2.63 HPE Integrated Lights OUT 5 Firmware 2.71 HPE Integrated Lights OUT 5 Firmware 3.00 HPE Integrated Lights OUT 6 Firmware 1.05 HPE Integrated Lights OUT 6 Firmware 1.55	5
Hardware	Hpe HPE Integrated Lights OUT 5 - HPE Integrated Lights OUT 6 -	2

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04584en_us