Details of VAR-201808-0934

ID

VAR-201808-0934

CVE

CVE-2018-7078

TITLE

HPE Integrated Lights-Out 4 and HPE Integrated Lights-Out 5 Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2018-008904

DESCRIPTION

A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. Through an integrated remote management port, Monitor and maintain the running status of the server, remotely manage and control the server, etc. An attacker could exploit this vulnerability to execute code

Trust: 1.8

sources: NVD: CVE-2018-7078 // JVNDB: JVNDB-2018-008904 // VULHUB: VHN-137110 // VULMON: CVE-2018-7078

AFFECTED PRODUCTS

vendor:	hp	model:	integrated lights-out 4	scope:	lt	version:	2.60	Trust: 1.0
vendor:	hp	model:	integrated lights-out 5	scope:	lt	version:	1.30	Trust: 1.0
vendor:	hewlett packard	model:	hpe integrated lights-out 4	scope:	lt	version:	2.60	Trust: 0.8
vendor:	hewlett packard	model:	hpe integrated lights-out 5	scope:	lt	version:	1.30	Trust: 0.8
vendor:	hp	model:	integrated lights-out 4	scope:	eq	version:	2.03	Trust: 0.6
vendor:	hp	model:	integrated lights-out 4	scope:	eq	version:	1.13	Trust: 0.6
vendor:	hp	model:	integrated lights-out 4	scope:	eq	version:	1.11	Trust: 0.6
vendor:	hp	model:	integrated lights-out 4	scope:	eq	version:	1.20	Trust: 0.6
vendor:	hp	model:	integrated lights-out 4	scope:	eq	version:	2.01	Trust: 0.6

sources: JVNDB: JVNDB-2018-008904 // CNNVD: CNNVD-201808-163 // NVD: CVE-2018-7078

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7078
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7078
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201808-163
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-137110
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-7078
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-7078
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-137110
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7078
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-137110 // VULMON: CVE-2018-7078 // JVNDB: JVNDB-2018-008904 // CNNVD: CNNVD-201808-163 // NVD: CVE-2018-7078

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2018-7078

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-163

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-163

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008904

PATCH

title:	hpesbhf03844en_us	url:	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03844en_us	Trust: 0.8
title:	HPE Integrated Lights-Out 4 and Integrated Lights-Out 5 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83969	Trust: 0.6
title:	Subverting your server through its BMC: the HPE iLO4 case	url:	https://github.com/cjzh781119/security-blog	Trust: 0.1
title:	Subverting your server through its BMC: the HPE iLO4 case	url:	https://github.com/airbus-seclab/ilo4_toolbox	Trust: 0.1

sources: VULMON: CVE-2018-7078 // JVNDB: JVNDB-2018-008904 // CNNVD: CNNVD-201808-163

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7078	Trust: 2.6
db:	SECTRACK	id:	1041188	Trust: 1.2
db:	JVNDB	id:	JVNDB-2018-008904	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-163	Trust: 0.6
db:	VULHUB	id:	VHN-137110	Trust: 0.1
db:	VULMON	id:	CVE-2018-7078	Trust: 0.1

sources: VULHUB: VHN-137110 // VULMON: CVE-2018-7078 // JVNDB: JVNDB-2018-008904 // CNNVD: CNNVD-201808-163 // NVD: CVE-2018-7078

REFERENCES

url:	http://www.securitytracker.com/id/1041188	Trust: 1.2
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03844en_us	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7078	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7078	Trust: 0.8
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03844en_us	Trust: 0.7
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/cjzh781119/security-blog	Trust: 0.1
url:	https://github.com/airbus-seclab/ilo4_toolbox	Trust: 0.1

sources: VULHUB: VHN-137110 // VULMON: CVE-2018-7078 // JVNDB: JVNDB-2018-008904 // CNNVD: CNNVD-201808-163 // NVD: CVE-2018-7078

SOURCES

db:	VULHUB	id:	VHN-137110
db:	VULMON	id:	CVE-2018-7078
db:	JVNDB	id:	JVNDB-2018-008904
db:	CNNVD	id:	CNNVD-201808-163
db:	NVD	id:	CVE-2018-7078

LAST UPDATE DATE

2024-11-23T21:38:26.180000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-137110	date:	2018-10-05T00:00:00
db:	VULMON	id:	CVE-2018-7078	date:	2018-10-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-008904	date:	2018-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201808-163	date:	2018-08-07T00:00:00
db:	NVD	id:	CVE-2018-7078	date:	2024-11-21T04:11:36.797

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-137110	date:	2018-08-06T00:00:00
db:	VULMON	id:	CVE-2018-7078	date:	2018-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-008904	date:	2018-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201808-163	date:	2018-08-07T00:00:00
db:	NVD	id:	CVE-2018-7078	date:	2018-08-06T20:29:02.163