ID

VAR-201906-0680


CVE

CVE-2019-11983


TITLE

HPE Integrated Lights-Out 4 and Integrated Lights-Out 5 Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005304

DESCRIPTION

A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

HP Integrated Lights-Out is prone to the following security vulnerabilities:

1. A buffer-overflow vulnerability
2. Multiple unspecified cross-site scripting vulnerabilities

An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks, or to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

The product enables remote monitoring and the operation and maintenance of IT assets such as servers. The vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow or heap overflow, etc.

Trust: 1.98

sources: NVD: CVE-2019-11983 // JVNDB: JVNDB-2019-005304 // BID: 108832 // VULHUB: VHN-143684

AFFECTED PRODUCTS

vendor: hp // model: integrated lights-out 5 // scope: lte // version: 1.39

Trust: 1.0

vendor: hp // model: integrated lights-out 4 // scope: lte // version: 2.61b

Trust: 1.0

vendor: hewlett packard // model: hpe integrated lights-out 4 // scope: - // version: -

Trust: 0.8

vendor: hewlett packard // model: hpe integrated lights-out 5 // scope: - // version: -

Trust: 0.8

vendor: hp // model: integrated lights-out // scope: eq // version: 51.40

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 51.39

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 51.35

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 51.30

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 51.11

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 50

Trust: 0.3

vendor: hp // model: integrated lights-out 2.61b // scope: eq // version: 4

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 42.61

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 42.60

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 42.53

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 42.50

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 42.44

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 42.22

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 42.20

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 42.03

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 41.32

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 41.30

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 41.22

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 41.13

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 41.11

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: eq // version: 42.10

Trust: 0.3

vendor: hp // model: integrated lights-out 1.40a // scope: ne // version: 5

Trust: 0.3

vendor: hp // model: integrated lights-out // scope: ne // version: 42.70

Trust: 0.3

sources: BID: 108832 // JVNDB: JVNDB-2019-005304 // NVD: CVE-2019-11983

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-11983
value: HIGH

Trust: 1.0

NVD: CVE-2019-11983
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-178
value: HIGH

Trust: 0.6

VULHUB: VHN-143684
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-11983
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-143684
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-11983
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-143684 // JVNDB: JVNDB-2019-005304 // CNNVD: CNNVD-201906-178 // NVD: CVE-2019-11983

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-143684 // JVNDB: JVNDB-2019-005304 // NVD: CVE-2019-11983

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-178

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-178

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005304

PATCH

title: hpesbhf03917en_us // url: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03917en_us

Trust: 0.8

title: HPE Integrated Lights-Out Buffer error vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93269

Trust: 0.6

sources: JVNDB: JVNDB-2019-005304 // CNNVD: CNNVD-201906-178

EXTERNAL IDS

db: NVD // id: CVE-2019-11983

Trust: 2.8

db: JVNDB // id: JVNDB-2019-005304

Trust: 0.8

db: CNNVD // id: CNNVD-201906-178

Trust: 0.7

db: BID // id: 108832

Trust: 0.3

db: VULHUB // id: VHN-143684

Trust: 0.1

sources: VULHUB: VHN-143684 // BID: 108832 // JVNDB: JVNDB-2019-005304 // CNNVD: CNNVD-201906-178 // NVD: CVE-2019-11983

REFERENCES

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03917en_us

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-11983

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11983

Trust: 0.8

url:http://www.hp.com

Trust: 0.3

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03917en_us

Trust: 0.1

sources: VULHUB: VHN-143684 // BID: 108832 // JVNDB: JVNDB-2019-005304 // CNNVD: CNNVD-201906-178 // NVD: CVE-2019-11983

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 108832

SOURCES

db: VULHUB // id: VHN-143684
db: BID // id: 108832
db: JVNDB // id: JVNDB-2019-005304
db: CNNVD // id: CNNVD-201906-178
db: NVD // id: CVE-2019-11983

LAST UPDATE DATE

2024-11-23T21:37:14.236000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-143684 // date: 2019-06-07T00:00:00
db: BID // id: 108832 // date: 2019-05-17T00:00:00
db: JVNDB // id: JVNDB-2019-005304 // date: 2019-06-18T00:00:00
db: CNNVD // id: CNNVD-201906-178 // date: 2019-06-10T00:00:00
db: NVD // id: CVE-2019-11983 // date: 2024-11-21T04:22:06.370

SOURCES RELEASE DATE

db: VULHUB // id: VHN-143684 // date: 2019-06-05T00:00:00
db: BID // id: 108832 // date: 2019-05-17T00:00:00
db: JVNDB // id: JVNDB-2019-005304 // date: 2019-06-18T00:00:00
db: CNNVD // id: CNNVD-201906-178 // date: 2019-06-05T00:00:00
db: NVD // id: CVE-2019-11983 // date: 2019-06-05T17:29:00.257