Sign-up

ID

VAR-201809-1079


CVE

CVE-2018-7101


TITLE

HPE Integrated Lights Out 4 and iLO 5 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010850

DESCRIPTION

A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30. HPE Integrated Lights Out 4 and iLO 5 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HP Integrated Lights-Out is prone to an unspecified remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to trigger denial-of-service conditions. Through an integrated remote management port, Monitor and maintain the running status of the server, remotely manage and control the server, etc. A remote attacker could exploit this vulnerability to cause a denial of service

Trust: 1.98

sources: NVD: CVE-2018-7101 // JVNDB: JVNDB-2018-010850 // BID: 107298 // VULHUB: VHN-137133

AFFECTED PRODUCTS

vendor:hpmodel:integrated lights-out 4scope:ltversion:2.60

Trust: 1.0

vendor:hpmodel:integrated lights-out 5scope:ltversion:1.30

Trust: 1.0

vendor:hewlett packardmodel:hpe integrated lights-out 4scope:ltversion:2.60

Trust: 0.8

vendor:hewlett packardmodel:hpe integrated lights-out 5scope:ltversion:1.30

Trust: 0.8

vendor:hpmodel:integrated lights-out 4scope:eqversion:2.03

Trust: 0.6

vendor:hpmodel:integrated lights-out 4scope:eqversion:1.13

Trust: 0.6

vendor:hpmodel:integrated lights-out 4scope:eqversion:1.11

Trust: 0.6

vendor:hpmodel:integrated lights-out 4scope:eqversion:1.20

Trust: 0.6

vendor:hpmodel:integrated lights-out 4scope:eqversion:2.01

Trust: 0.6

vendor:hpmodel:integrated lights-outscope:eqversion:51.11

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:42.53

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:42.50

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:42.44

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:42.22

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:42.20

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:42.03

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:41.32

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:41.30

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:41.22

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:41.13

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:41.11

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:eqversion:42.10

Trust: 0.3

vendor:hpmodel:gen serversscope:eqversion:100

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:neversion:51.30

Trust: 0.3

vendor:hpmodel:integrated lights-outscope:neversion:42.60

Trust: 0.3

sources: BID: 107298 // JVNDB: JVNDB-2018-010850 // CNNVD: CNNVD-201809-1234 // NVD: CVE-2018-7101

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7101
value: HIGH

Trust: 1.0

NVD: CVE-2018-7101
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-1234
value: HIGH

Trust: 0.6

VULHUB: VHN-137133
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7101
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-137133
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7101
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-137133 // JVNDB: JVNDB-2018-010850 // CNNVD: CNNVD-201809-1234 // NVD: CVE-2018-7101

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-137133 // JVNDB: JVNDB-2018-010850 // NVD: CVE-2018-7101

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1234

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201809-1234

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010850

PATCH
title:hpesbhf03875en_usurl:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03875en_us
Trust: 0.8
title:HPE Integrated Lights Out 4  and 5 for Gen Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85250
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-010850 // 
            
            
            
            CNNVD: CNNVD-201809-1234

EXTERNAL IDS
db:NVDid:CVE-2018-7101
Trust: 2.8
db:SECTRACKid:1041488
Trust: 1.7
db:JVNDBid:JVNDB-2018-010850
Trust: 0.8
db:CNNVDid:CNNVD-201809-1234
Trust: 0.7
db:BIDid:107298
Trust: 0.3
db:VULHUBid:VHN-137133
Trust: 0.1
sources:
            
            
            VULHUB: VHN-137133 // 
            
            
            
            BID: 107298 // 
            
            
            
            JVNDB: JVNDB-2018-010850 // 
            
            
            
            CNNVD: CNNVD-201809-1234 // 
            
            
            
            NVD: CVE-2018-7101

REFERENCES
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03875en_us
Trust: 1.9
url:http://www.securitytracker.com/id/1041488
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7101
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7101
Trust: 0.8
url:http://www.hp.com/
Trust: 0.3
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03875en_us
Trust: 0.1
sources:
            
            
            VULHUB: VHN-137133 // 
            
            
            
            BID: 107298 // 
            
            
            
            JVNDB: JVNDB-2018-010850 // 
            
            
            
            CNNVD: CNNVD-201809-1234 // 
            
            
            
            NVD: CVE-2018-7101

CREDITS
Matias Soler
Trust: 0.3
sources:
            
            
            BID: 107298

SOURCES
db:VULHUBid:VHN-137133
db:BIDid:107298
db:JVNDBid:JVNDB-2018-010850
db:CNNVDid:CNNVD-201809-1234
db:NVDid:CVE-2018-7101

LAST UPDATE DATE
2024-11-23T22:55:43.801000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-137133date:2020-08-24T00:00:00
db:BIDid:107298date:2018-08-14T00:00:00
db:JVNDBid:JVNDB-2018-010850date:2018-12-26T00:00:00
db:CNNVDid:CNNVD-201809-1234date:2020-10-22T00:00:00
db:NVDid:CVE-2018-7101date:2024-11-21T04:11:38.753

SOURCES RELEASE DATE
db:VULHUBid:VHN-137133date:2018-09-27T00:00:00
db:BIDid:107298date:2018-08-14T00:00:00
db:JVNDBid:JVNDB-2018-010850date:2018-12-26T00:00:00
db:CNNVDid:CNNVD-201809-1234date:2018-09-28T00:00:00
db:NVDid:CVE-2018-7101date:2018-09-27T18:29:00.300