HomePentest-Tools.com Logo

HP Integrated Lights-Out (iLO) 3 Information Disclosure Vulnerability CVE-2016-4379

Severity
CVSSv3 Score
3.7
Vulnerability description

HP Integrated Lights-Out (iLO) 3 is prone to an information disclosure vulnerability.

Risk description

The TLS implementation in HPE Integrated Lights-Out 3 firmware does no properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack.

Recommendation

HPE has provided firmware updates to resolve this vulnerability. iLO 3 version v1.88 or subsequent.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Sep 8, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available