ID

VAR-201809-1083


CVE

CVE-2018-7105


TITLE

HPE Integrated Lights-Out 5, HPE Integrated Lights-Out 4, HPE Integrated Lights-Out 3 Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-012393

DESCRIPTION

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, and HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information. HP Integrated Lights-Out is prone to local privilege escalation and information-disclosure vulnerabilities. An attacker can exploit these issues to execute arbitrary code with elevated privileges and obtain sensitive information that may aid in launching further attacks. HPE iLO 3, 4, and 5 have security vulnerabilities.

Trust: 2.07

sources: NVD: CVE-2018-7105 // JVNDB: JVNDB-2018-012393 // BID: 105425 // VULHUB: VHN-137137 // VULMON: CVE-2018-7105

AFFECTED PRODUCTS

vendor: hp | model: integrated lights-out 5 | scope: lt | version: 1.35

Trust: 1.0

vendor: hp | model: integrated lights-out 3 | scope: lt | version: 1.90

Trust: 1.0

vendor: hp | model: integrated lights-out 4 | scope: lt | version: 2.61

Trust: 1.0

vendor: hewlett packard | model: hpe integrated lights-out 3 | scope: lt | version: 1.90

Trust: 0.8

vendor: hewlett packard | model: hpe integrated lights-out 4 | scope: lt | version: 2.61

Trust: 0.8

vendor: hewlett packard | model: hpe integrated lights-out 5 | scope: lt | version: 1.35

Trust: 0.8

vendor: hp | model: integrated lights-out 3 | scope: eq | version: 1.55

Trust: 0.6

vendor: hp | model: integrated lights-out 3 | scope: eq | version: 1.26

Trust: 0.6

vendor: hp | model: integrated lights-out 3 | scope: eq | version: 1.00

Trust: 0.6

vendor: hp | model: integrated lights-out 4 | scope: eq | version: 1.13

Trust: 0.6

vendor: hp | model: integrated lights-out 4 | scope: eq | version: 1.11

Trust: 0.6

vendor: hp | model: integrated lights-out 3 | scope: eq | version: 1.50

Trust: 0.6

vendor: hp | model: integrated lights-out 3 | scope: eq | version: 1.20

Trust: 0.6

vendor: hp | model: integrated lights-out 3 | scope: eq | version: 1.80

Trust: 0.6

vendor: hp | model: integrated lights-out 3 | scope: eq | version: 1.28

Trust: 0.6

vendor: hp | model: integrated lights-out 3 | scope: eq | version: 1.05

Trust: 0.6

vendor: hp | model: integrated lights-out | scope: eq | version: 50

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 42.53

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 42.50

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 42.44

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 42.22

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 42.20

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 42.03

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 41.32

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 41.30

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 41.22

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 41.13

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 41.11

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 42.10

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 40

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: eq | version: 30

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: ne | version: 51.35

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: ne | version: 42.61

Trust: 0.3

vendor: hp | model: integrated lights-out | scope: ne | version: 31.90

Trust: 0.3

sources: BID: 105425 // JVNDB: JVNDB-2018-012393 // CNNVD: CNNVD-201809-1230 // NVD: CVE-2018-7105

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-7105
value: HIGH

Trust: 1.0

NVD: CVE-2018-7105
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-1230
value: HIGH

Trust: 0.6

VULHUB: VHN-137137
value: HIGH

Trust: 0.1

VULMON: CVE-2018-7105
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-7105
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-137137
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-7105
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-137137 // VULMON: CVE-2018-7105 // JVNDB: JVNDB-2018-012393 // CNNVD: CNNVD-201809-1230 // NVD: CVE-2018-7105

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-254

Trust: 0.9

sources: VULHUB: VHN-137137 // JVNDB: JVNDB-2018-012393 // NVD: CVE-2018-7105

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1230

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201809-1230

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012393

PATCH

title: hpesbhf03866en_us | url: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03866en_us

Trust: 0.8

title: HPE Integrated Lights-Out Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85246

Trust: 0.6

title: PCILeech HP iLO4 Service | url: https://github.com/Synacktiv/pcileech_hpilo4_service

Trust: 0.1

title: Subverting your server through its BMC: the HPE iLO4 case | url: https://github.com/airbus-seclab/ilo4_toolbox

Trust: 0.1

sources: VULMON: CVE-2018-7105 // JVNDB: JVNDB-2018-012393 // CNNVD: CNNVD-201809-1230

EXTERNAL IDS

db: NVD | id: CVE-2018-7105

Trust: 2.9

db: BID | id: 105425

Trust: 2.1

db: SECTRACK | id: 1041649

Trust: 1.8

db: JVNDB | id: JVNDB-2018-012393

Trust: 0.8

db: CNNVD | id: CNNVD-201809-1230

Trust: 0.7

db: VULHUB | id: VHN-137137

Trust: 0.1

db: VULMON | id: CVE-2018-7105

Trust: 0.1

sources: VULHUB: VHN-137137 // VULMON: CVE-2018-7105 // BID: 105425 // JVNDB: JVNDB-2018-012393 // CNNVD: CNNVD-201809-1230 // NVD: CVE-2018-7105

REFERENCES

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03866en_us

Trust: 2.0

url:http://www.securityfocus.com/bid/105425

Trust: 1.9

url:http://www.securitytracker.com/id/1041649

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7105

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7105

Trust: 0.8

url:http://www.hp.com

Trust: 0.3

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03866en_us

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://github.com/synacktiv/pcileech_hpilo4_service

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-137137 // VULMON: CVE-2018-7105 // BID: 105425 // JVNDB: JVNDB-2018-012393 // CNNVD: CNNVD-201809-1230 // NVD: CVE-2018-7105

CREDITS

The vendor has reported these issues.

Trust: 0.3

sources: BID: 105425

SOURCES

db: VULHUB | id: VHN-137137
db: VULMON | id: CVE-2018-7105
db: BID | id: 105425
db: JVNDB | id: JVNDB-2018-012393
db: CNNVD | id: CNNVD-201809-1230
db: NVD | id: CVE-2018-7105

LAST UPDATE DATE

2024-11-23T19:33:07.678000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-137137 | date: 2019-10-03T00:00:00
db: VULMON | id: CVE-2018-7105 | date: 2019-10-03T00:00:00
db: BID | id: 105425 | date: 2018-09-13T00:00:00
db: JVNDB | id: JVNDB-2018-012393 | date: 2019-02-01T00:00:00
db: CNNVD | id: CNNVD-201809-1230 | date: 2019-10-23T00:00:00
db: NVD | id: CVE-2018-7105 | date: 2024-11-21T04:11:39.143

SOURCES RELEASE DATE

db: VULHUB | id: VHN-137137 | date: 2018-09-27T00:00:00
db: VULMON | id: CVE-2018-7105 | date: 2018-09-27T00:00:00
db: BID | id: 105425 | date: 2018-09-13T00:00:00
db: JVNDB | id: JVNDB-2018-012393 | date: 2019-02-01T00:00:00
db: CNNVD | id: CNNVD-201809-1230 | date: 2018-09-28T00:00:00
db: NVD | id: CVE-2018-7105 | date: 2018-09-27T18:29:00.800