Details of VAR-201802-0319

ID

VAR-201802-0319

CVE

CVE-2017-12542

TITLE

HPE Integrated Lights-out 4 Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2017-012642

DESCRIPTION

A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. HPE Integrated Lights-out 4 (iLO 4) Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HP Integrated Lights-Out is prone to following security vulnerabilities: 1. An unspecified remote code-execution vulnerability 2. An unspecified authentication-bypass vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application,bypass security restrictions, or execute arbitrary code. HP Integrated Lights-Out 4 (iLO 4) is an embedded server management technology of Hewlett-Packard (HP), which monitors and maintains the running status of the server, remotely manages the server, etc. through an integrated remote management port. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03769en_us Version: 1 HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. References: - CVE-2017-12542 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP Integrated Lights-Out 4 (iLO 4), Prior to 2.53 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-12542 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 Hewlett Packard Enterprise would like to thank Fabien Perigaud of Airbus Defense and Space CyberSecurity for reporting this vulnerability. * The firmware is available at <http://www.hpe.com/support/ilo4> HISTORY Version:1 (rev.1) - 24 August 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZnewMAAoJELXhAxt7SZaiW6QH/3Zf7Af6Z/yTdD3x5CkgrHX/ FGwCyI+kMFa081Cikv3doscxkrWkTB+Y1TMusixocCEJGDdbSrRKxhE/akaaR22T kLnFrl5AlMEYqZp/szjuU8EldoBSH3cZq4KPqwLa6EbD40ibexV/MjzfUaT5vVeU /PrvKA0s1KNVosueJ1M7CXk59C1zJ0weJS3A+4tXp61A58m+31qYRSdAtcgUFhqe K1sgJ+mYALgqV7QCxc1hDR32m+oekty8CbyUElYk6Jy+izwXIFFc7n7O1nixFbiJ TGt+VLcl3reQv5xzelsaTxUyj8ZmSzTrpA9Ly0uf+xYObwSZ9RTrRWcDQC73Fww= =/mQI -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2017-12542 // JVNDB: JVNDB-2017-012642 // BID: 100467 // VULHUB: VHN-103075 // VULMON: CVE-2017-12542 // PACKETSTORM: 143900

AFFECTED PRODUCTS

vendor:	hp	model:	integrated lights-out 4	scope:	lt	version:	2.53	Trust: 1.0
vendor:	hewlett packard	model:	hpe integrated lights-out 4	scope:	lt	version:	2.53	Trust: 0.8
vendor:	hp	model:	integrated lights-out 4	scope:	eq	version:	2.03	Trust: 0.6
vendor:	hp	model:	integrated lights-out 4	scope:	eq	version:	1.13	Trust: 0.6
vendor:	hp	model:	integrated lights-out 4	scope:	eq	version:	1.11	Trust: 0.6
vendor:	hp	model:	integrated lights-out 4	scope:	eq	version:	1.20	Trust: 0.6
vendor:	hp	model:	integrated lights-out 4	scope:	eq	version:	2.01	Trust: 0.6
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	42.50	Trust: 0.3
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	42.44	Trust: 0.3
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	42.22	Trust: 0.3
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	42.20	Trust: 0.3
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	42.03	Trust: 0.3
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	41.32	Trust: 0.3
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	41.30	Trust: 0.3
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	41.22	Trust: 0.3
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	41.13	Trust: 0.3
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	41.11	Trust: 0.3
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	42.10	Trust: 0.3
vendor:	hp	model:	integrated lights-out	scope:	ne	version:	42.53	Trust: 0.3

sources: BID: 100467 // JVNDB: JVNDB-2017-012642 // CNNVD: CNNVD-201708-1107 // NVD: CVE-2017-12542

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12542
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-12542
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201708-1107
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-103075
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-12542
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-12542
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-103075
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12542
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2017-12542
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-103075 // VULMON: CVE-2017-12542 // JVNDB: JVNDB-2017-012642 // CNNVD: CNNVD-201708-1107 // NVD: CVE-2017-12542

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2017-12542

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1107

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-1107

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012642

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-103075 // VULMON: CVE-2017-12542

PATCH

title:	HPESBHF03769	url:	https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us	Trust: 0.8
title:	HP Integrated Lights-Out 4 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74289	Trust: 0.6
title:	ilo4-rce-vuln-scanner	url:	https://github.com/sk1dish/ilo4-rce-vuln-scanner	Trust: 0.1
title:	psBerries	url:	https://github.com/marcobellaccini/psBerries	Trust: 0.1
title:	CVE-2017-12542	url:	https://github.com/skelsec/CVE-2017-12542	Trust: 0.1
title:	shodan_queries	url:	https://github.com/tristisranae/shodan_queries	Trust: 0.1
title:	awesome-shodan-queries	url:	https://github.com/blackunixteam/awesome-shodan-queries	Trust: 0.1
title:	-jakejarvis-awesome-shodan-queries-	url:	https://github.com/SoumyaJas2324/-jakejarvis-awesome-shodan-queries-	Trust: 0.1
title:	awesome-shodan-queries	url:	https://github.com/jakejarvis/awesome-shodan-queries	Trust: 0.1
title:	kenzer-templates	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1
title:	kenzer-templates	url:	https://github.com/Elsfa7-110/kenzer-templates	Trust: 0.1
title:	Exp101tsArchiv30thers	url:	https://github.com/nu11secur1ty/Exp101tsArchiv30thers	Trust: 0.1
title:	awesome-cve-poc_qazbnm456	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/you-can-bypass-authentication-on-hpe-ilo4-servers-with-29-a-characters/	Trust: 0.1

sources: VULMON: CVE-2017-12542 // JVNDB: JVNDB-2017-012642 // CNNVD: CNNVD-201708-1107

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12542	Trust: 3.0
db:	BID	id:	100467	Trust: 1.5
db:	EXPLOIT-DB	id:	44005	Trust: 1.2
db:	SECTRACK	id:	1039222	Trust: 1.2
db:	JVNDB	id:	JVNDB-2017-012642	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-1107	Trust: 0.7
db:	CXSECURITY	id:	WLB-2018020121	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0212	Trust: 0.6
db:	PACKETSTORM	id:	143900	Trust: 0.2
db:	PACKETSTORM	id:	146303	Trust: 0.1
db:	SEEBUG	id:	SSVID-97126	Trust: 0.1
db:	VULHUB	id:	VHN-103075	Trust: 0.1
db:	VULMON	id:	CVE-2017-12542	Trust: 0.1

sources: VULHUB: VHN-103075 // VULMON: CVE-2017-12542 // BID: 100467 // JVNDB: JVNDB-2017-012642 // PACKETSTORM: 143900 // CNNVD: CNNVD-201708-1107 // NVD: CVE-2017-12542

REFERENCES

url:	http://www.securityfocus.com/bid/100467	Trust: 1.3
url:	https://www.exploit-db.com/exploits/44005/	Trust: 1.3
url:	https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03769en_us	Trust: 1.2
url:	http://www.securitytracker.com/id/1039222	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12542	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12542	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.0212	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2018020121	Trust: 0.6
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03769en_us	Trust: 0.4
url:	http://www.hp.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/sk1dish/ilo4-rce-vuln-scanner	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=54930	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.1
url:	https://www.hpe.com/info/report-security-vulnerability	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499	Trust: 0.1
url:	http://www.hpe.com/support/ilo4>	Trust: 0.1
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.1

sources: VULHUB: VHN-103075 // VULMON: CVE-2017-12542 // BID: 100467 // JVNDB: JVNDB-2017-012642 // PACKETSTORM: 143900 // CNNVD: CNNVD-201708-1107 // NVD: CVE-2017-12542

CREDITS

skelsec

Trust: 0.6

sources: CNNVD: CNNVD-201708-1107

SOURCES

db:	VULHUB	id:	VHN-103075
db:	VULMON	id:	CVE-2017-12542
db:	BID	id:	100467
db:	JVNDB	id:	JVNDB-2017-012642
db:	PACKETSTORM	id:	143900
db:	CNNVD	id:	CNNVD-201708-1107
db:	NVD	id:	CVE-2017-12542

LAST UPDATE DATE

2024-11-23T22:12:40.656000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-103075	date:	2018-07-23T00:00:00
db:	VULMON	id:	CVE-2017-12542	date:	2018-07-23T00:00:00
db:	BID	id:	100467	date:	2017-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-012642	date:	2018-03-29T00:00:00
db:	CNNVD	id:	CNNVD-201708-1107	date:	2022-01-17T00:00:00
db:	NVD	id:	CVE-2017-12542	date:	2024-11-21T03:09:43.333

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-103075	date:	2018-02-15T00:00:00
db:	VULMON	id:	CVE-2017-12542	date:	2018-02-15T00:00:00
db:	BID	id:	100467	date:	2017-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-012642	date:	2018-03-29T00:00:00
db:	PACKETSTORM	id:	143900	date:	2017-08-24T23:24:00
db:	CNNVD	id:	CNNVD-201708-1107	date:	2017-08-25T00:00:00
db:	NVD	id:	CVE-2017-12542	date:	2018-02-15T22:29:04.263