HP Integrated Lights-Out Server Denial Of Service Vulnerability
9 Jun. 2014
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.
The information has been provided by Rob VandenBrink of Metafore.
Affected versions:
* HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier
Not affected:
* HP Integrated Lights-Out 2 (aka iLO 2) 2.24 and later
A vulnerability was reported in HP Integrated Lights-Out (iLO). A remote user can cause denial of service conditions.
A remote user who scans the device for the OpenSSL "Heartbleed" vulnerability can trigger a flaw in the embedded RSA SSL libraries, causing the management interface to become unresponsive. The operating system will continue to function properly.
The system is not affected by the OpenSSL "Heartbleed" vulnerability.
Power must be physically removed from the target server to initiate a full restart and return the management interface to normal operations.
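Because recovery needs physical power removal, it helps to keep affected iLO 2 interfaces out of Heartbleed scan jobs until their firmware is updated. The following is an added example, not part of the original advisory or any HP tooling; the CSV layout, column names and host names are constructed assumptions.

```python
import csv
import io
import re

# Highest affected iLO 2 firmware per the advisory ("2.23 and earlier").
LAST_AFFECTED = (2, 23)

# Constructed sample inventory; hosts, columns and layout are hypothetical.
SAMPLE_INVENTORY = """host,product,firmware
ilo-rack1.example.net,iLO 2,2.23
ilo-rack2.example.net,iLO 2,2.24
ilo-rack3.example.net,iLO 2,1.94
ilo-rack4.example.net,iLO 2,unknown
ilo-rack5.example.net,iLO 4,1.40
"""

def parse_version(text):
    """Return (major, minor), or None when the string is not 'N.NN'."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\s*", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_ilo2(product):
    """Match 'iLO 2', 'ilo2' or 'Integrated Lights-Out 2 (iLO 2)'."""
    return re.search(r"(ilo|lights-out)\s*2\b", product or "", re.I) is not None

def classify(product, firmware):
    if not is_ilo2(product):
        return "out_of_scope"      # the advisory covers iLO 2 only
    version = parse_version(firmware)
    if version is None:
        return "review"            # unknown firmware: handle as at risk
    return "affected" if version <= LAST_AFFECTED else "not_affected"

def build_scan_exclusions(inventory_csv):
    """Group hosts by status; 'affected' and 'review' stay out of scan jobs."""
    result = {"affected": [], "review": [], "not_affected": [], "out_of_scope": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row["product"], row["firmware"])].append(row["host"])
    return result

if __name__ == "__main__":
    for status, hosts in build_scan_exclusions(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `affected` and `review` groups are the ones to exclude from Heartbleed checks and to schedule for a firmware update.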