“Otherwise, administrators should take great care to keep their systems up to date whenever possible. “If they are not actively used, completely disabling the feature is a good practice,” the paper noted. According to the bulletin, only HP iLO 4 servers running firmware version 2.53 or earlier were affected. Admins can find the original HPE security bulletin here. The vulnerability ( CVE-2017-12542) is rated a 9.8 out of 10, making it critical.Ī noted by BleepingComputer, the vulnerability was discovered in early 2017 and was actually patched in August 2017. Using this exploit, someone could find cleartext user credentials, change the iLO firmware, or execute malicious code, the paper said. SEE: Network security policy (Tech Pro Research)Ĭurl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA" According to the paper, the vulnerability can be exploited remotely as well. Want to know how easy it is to bypass authentication measures in an HPE Integrated Lights-Out 4 (iLO 4) server? Make a cURL request and then type the letter “A” 29 times.Īs noted by BleepingComputer, the vulnerability affecting these servers was found last year by a group of three security researchers, who detailed their findings in a research paper.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |