CIS Logo
tagline: Confidence in the Connected World
HomeResourcesAdvisoriesA Vulnerability in HPE iLO4 Servers Could Allow for Remote Code Execution

A Vulnerability in HPE iLO4 Servers Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2018-075

DATE(S) ISSUED:

07/06/2018

OVERVIEW:

A vulnerability has been discovered in HPE Integrated Lights-Out 4 (iLO 4) servers, which could allow for remote code execution. HPE iLO 4 is an embedded server management tool used for out-of-band management. Successful exploitation of this vulnerability could result in remote code execution or authentication bypass. Successful exploitation of the vulnerability could result in the extraction of plaintext passwords, addition of an administrator account, execution of malicious code, or replacement of iLO firmware.

THREAT INTELLIGENCE:

This vulnerability (CVE-2017-12542) was first discovered on February 2017, with patches released in August 2017. However, additional details on the vulnerability and exploit code were recently published in multiple open-source media reports, and a Metasploit module is available, significantly increasing the risk to vulnerable systems.

SYSTEMS AFFECTED:

  • HPE iLO 4 prior to 2.54

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
N/A

TECHNICAL SUMMARY:

A vulnerability (CVE-2017-12542) has been discovered in HPE iLO 4, which could allow for remote code execution or authentication bypass. Execution of the vulnerability requires an attacker to cURL to the affected server, followed by 29 “A” characters. Successful exploitation of the vulnerability could result in the extraction of plaintext passwords, addition of an administrator account, execution of malicious code, or replacement of iLO firmware.

RECOMENDATIONS:

We recommend the following actions be taken:

  • Verify no unauthorized system modifications have occurred on system before applying patch.
  • Apply appropriate updates provided by HPE to vulnerable systems, immediately after appropriate testing.
  • Restrict inbound access to only authorized IP addresses, machines, and/or users.

REFERENCES:

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories

Protect Your Systems from Cyber Threats Like This

CIS Control That Helps Avoid This Issue Arrow CIS Control 3: Continuous Vulnerability Assessment and Remediation

Information Hub : Advisories