|
|
Credit:
The information has been provided by Rob VandenBrink of Metafore.
|
|
Vulnerable Systems:
* HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier
Immune Systems:
* HP Integrated Lights-Out 2 (aka iLO 2) 2.24 and later
A vulnerability was reported in HP integrated Lights Out (iLO). A remote user can cause denial of service conditions.
A remote user can conduct a scan to check for the OpenSSL "Heartbleed" vulnerability to trigger a flaw in the embedded RSA SSL libraries and cause the management interface to become unresponsive. The operating system will continue to function properly.
The system is not affected by the OpenSSL "Heartbleed" vulnerability.
Power must be physically removed from the target server to initiate a full restart and return the management interface to normal operations.
iLO 3 and iLO 4 are not affected.
CVE Information:
CVE-2014-2601
Disclosure Timeline:
Original release date: 04/24/2014
Last revised: 05/05/2014
|
|