Details of VAR-200408-0124

ID

VAR-200408-0124

CVE

CVE-2004-0525

TITLE

HP Integrated Lights Out Remote Denial of Service Vulnerability

Trust: 0.9

sources: BID: 10415 // CNNVD: CNNVD-200408-113

DESCRIPTION

HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero. hewlett packard enterprise HPE Integrated Lights-Out There are unspecified vulnerabilities in the firmware.None. A successful attack can allow an attacker to cause the iLO service to crash, affectively denying service to legitimate users. iLO firmware prior to versions 1.55 is prone to this vulnerability. Integrated Lights-Out Advanced Package - Upgrades the Integrated Lights-Out processor to full virtual memory and control via a graphical console and virtual media

Trust: 1.98

sources: NVD: CVE-2004-0525 // JVNDB: JVNDB-2004-000944 // BID: 10415 // VULHUB: VHN-8955

AFFECTED PRODUCTS

vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.51a	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.40a	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.6a	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.15	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.26a	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.50	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.41a	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.15a	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.10	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.50a	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.20a	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.16a	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.27a	Trust: 1.0
vendor:	hp	model:	integrated lights-out	scope:	eq	version:	1.42a	Trust: 1.0
vendor:	hp	model:	integrated lights out	scope:	eq	version:	1.15	Trust: 0.9
vendor:	hp	model:	integrated lights out	scope:	eq	version:	1.10	Trust: 0.9
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.10	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.42a	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.50	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.15a	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.51a	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.27a	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.50a	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	-	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.16a	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.20a	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.41a	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.15	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.6a	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.40a	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe integrated lights-out	scope:	eq	version:	hpe integrated lights-out firmware 1.26a	Trust: 0.8
vendor:	hp	model:	integrated lights out	scope:	eq	version:	1.16a	Trust: 0.6
vendor:	hp	model:	integrated lights out	scope:	eq	version:	1.26a	Trust: 0.6
vendor:	hp	model:	integrated lights out	scope:	eq	version:	1.27a	Trust: 0.6
vendor:	hp	model:	integrated lights out	scope:	eq	version:	1.20a	Trust: 0.6
vendor:	hp	model:	integrated lights out	scope:	eq	version:	1.15a	Trust: 0.6
vendor:	hp	model:	integrated lights out	scope:	eq	version:	1.41a	Trust: 0.6
vendor:	hp	model:	integrated lights out	scope:	eq	version:	1.40a	Trust: 0.6
vendor:	hp	model:	integrated lights out	scope:	eq	version:	1.6a	Trust: 0.6
vendor:	hp	model:	integrated lights out a	scope:	eq	version:	1.51	Trust: 0.3
vendor:	hp	model:	integrated lights out a	scope:	eq	version:	1.50	Trust: 0.3
vendor:	hp	model:	integrated lights out	scope:	eq	version:	1.50	Trust: 0.3
vendor:	hp	model:	integrated lights out a	scope:	eq	version:	1.42	Trust: 0.3
vendor:	hp	model:	integrated lights out a	scope:	eq	version:	1.41	Trust: 0.3
vendor:	hp	model:	integrated lights out a	scope:	eq	version:	1.40	Trust: 0.3
vendor:	hp	model:	integrated lights out a	scope:	eq	version:	1.27	Trust: 0.3
vendor:	hp	model:	integrated lights out a	scope:	eq	version:	1.26	Trust: 0.3
vendor:	hp	model:	integrated lights out a	scope:	eq	version:	1.20	Trust: 0.3
vendor:	hp	model:	integrated lights out a	scope:	eq	version:	1.16	Trust: 0.3
vendor:	hp	model:	integrated lights out a	scope:	eq	version:	1.15	Trust: 0.3
vendor:	hp	model:	integrated lights out a	scope:	eq	version:	1.6	Trust: 0.3
vendor:	hp	model:	integrated lights out	scope:	ne	version:	1.55	Trust: 0.3

sources: BID: 10415 // JVNDB: JVNDB-2004-000944 // CNNVD: CNNVD-200408-113 // NVD: CVE-2004-0525

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0525
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2004-0525
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200408-113
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8955
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-0525
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8955
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8955 // JVNDB: JVNDB-2004-000944 // CNNVD: CNNVD-200408-113 // NVD: CVE-2004-0525

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000944 // NVD: CVE-2004-0525

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200408-113

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200408-113

PATCH

title:

HPE Integrated Lights Out-iLO

url:

https://www.hpe.com/jp/ja/hpe-integrated-lights-out-ilo.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000944

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0525	Trust: 3.6
db:	BID	id:	10415	Trust: 2.8
db:	JVNDB	id:	JVNDB-2004-000944	Trust: 0.8
db:	CNNVD	id:	CNNVD-200408-113	Trust: 0.7
db:	HP	id:	SSRT4724	Trust: 0.6
db:	XF	id:	16251	Trust: 0.6
db:	VULHUB	id:	VHN-8955	Trust: 0.1

sources: VULHUB: VHN-8955 // BID: 10415 // JVNDB: JVNDB-2004-000944 // CNNVD: CNNVD-200408-113 // NVD: CVE-2004-0525

REFERENCES

url:	http://www.securityfocus.com/bid/10415	Trust: 2.5
url:	http://seclists.org/lists/bugtraq/2004/may/0281.html	Trust: 2.5
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16251	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0525	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/16251	Trust: 0.6
url:	http://h18013.www1.hp.com/products/servers/management/ilo/	Trust: 0.3

sources: VULHUB: VHN-8955 // BID: 10415 // JVNDB: JVNDB-2004-000944 // CNNVD: CNNVD-200408-113 // NVD: CVE-2004-0525

CREDITS

HP Security Bulletin※ security-alert@hp.com

Trust: 0.6

sources: CNNVD: CNNVD-200408-113

SOURCES

db:	VULHUB	id:	VHN-8955
db:	BID	id:	10415
db:	JVNDB	id:	JVNDB-2004-000944
db:	CNNVD	id:	CNNVD-200408-113
db:	NVD	id:	CVE-2004-0525

LAST UPDATE DATE

2024-08-14T13:40:18.676000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8955	date:	2018-10-30T00:00:00
db:	BID	id:	10415	date:	2009-07-12T05:16:00
db:	JVNDB	id:	JVNDB-2004-000944	date:	2024-06-07T09:11:00
db:	CNNVD	id:	CNNVD-200408-113	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0525	date:	2018-10-30T16:26:20.200

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8955	date:	2004-08-06T00:00:00
db:	BID	id:	10415	date:	2004-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2004-000944	date:	2024-06-07T00:00:00
db:	CNNVD	id:	CNNVD-200408-113	date:	2004-05-26T00:00:00
db:	NVD	id:	CVE-2004-0525	date:	2004-08-06T04:00:00