CVE-2022-28636

Summary

CVE	CVE-2022-28636
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-08-12 15:15:00 UTC
Updated	2022-08-16 14:17:00 UTC
Description	A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Hpe	Apollo 2000 Gen10 Plus System	-	All	All	All
Hardware	Hpe	Apollo 4200 Gen10 Server	-	All	All	All
Hardware	Hpe	Apollo 4510 Gen10 System	-	All	All	All
Hardware	Hpe	Apollo 6500 Gen10 Plus System	-	All	All	All
Hardware	Hpe	Apollo 6500 Gen10 System	-	All	All	All
Hardware	Hpe	Apollo N2600 Gen10 Plus	-	All	All	All
Hardware	Hpe	Apollo N2800 Gen10 Plus	-	All	All	All
Hardware	Hpe	Apollo R2600 Gen10	-	All	All	All
Hardware	Hpe	Apollo R2800 Gen10	-	All	All	All
Hardware	Hpe	Edgeline E920d Server Blade	-	All	All	All
Hardware	Hpe	Edgeline E920t Server Blade	-	All	All	All
Hardware	Hpe	Edgeline E920 Server Blade	-	All	All	All
Operating System	Hpe	Integrated Lights-out 5 Firmware	All	All	All	All
Hardware	Hpe	Proliant Bl460c Gen10 Server Blade	-	All	All	All
Hardware	Hpe	Proliant Dl110 Gen10 Plus Telco Server	-	All	All	All
Hardware	Hpe	Proliant Dl120 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dl160 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dl180 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dl20 Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Dl20 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dl325 Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Dl325 Gen10 Plus V2 Server	-	All	All	All
Hardware	Hpe	Proliant Dl325 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dl345 Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Dl360 Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Dl360 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dl365 Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Dl380 Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Dl380 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dl385 Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Dl385 Gen10 Plus V2 Server	-	All	All	All
Hardware	Hpe	Proliant Dl385 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dl560 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dl580 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dx170r Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dx190r Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dx220n Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Dx325 Gen10 Plus V2 Server	-	All	All	All
Hardware	Hpe	Proliant Dx360 Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Dx360 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dx380 Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Dx380 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dx385 Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Dx385 Gen10 Plus V2 Server	-	All	All	All
Hardware	Hpe	Proliant Dx4200 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Dx560 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant E910t Server Blade	-	All	All	All
Hardware	Hpe	Proliant E910 Server Blade	-	All	All	All
Hardware	Hpe	Proliant M750 Server Blade	-	All	All	All
Hardware	Hpe	Proliant Microserver Gen10 Plus	-	All	All	All
Hardware	Hpe	Proliant Ml110 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Ml30 Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Ml30 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Ml350 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Xl170r Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Xl190r Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Xl220n Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Xl225n Gen10 Plus 1u Node	-	All	All	All
Hardware	Hpe	Proliant Xl230k Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Xl270d Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Xl290n Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Xl420 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Xl450 Gen10 Server	-	All	All	All
Hardware	Hpe	Proliant Xl645d Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Xl675d Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Proliant Xl925g Gen10 Plus Server	-	All	All	All
Hardware	Hpe	Storage File Controller	-	All	All	All
Hardware	Hpe	Storage Performance File Controller	-	All	All	All
Hardware	Hpe	Storeeasy 1460 Storage	-	All	All	All
Hardware	Hpe	Storeeasy 1560 Storage	-	All	All	All
Hardware	Hpe	Storeeasy 1660 Expanded Storage	-	All	All	All
Hardware	Hpe	Storeeasy 1660 Performance Storage	-	All	All	All
Hardware	Hpe	Storeeasy 1660 Storage	-	All	All	All
Hardware	Hpe	Storeeasy 1860 Performance Storage	-	All	All	All
Hardware	Hpe	Storeeasy 1860 Storage	-	All	All	All

References

Reference	Source	Link	Tags
Document Display \| HPE Support Center	MISC	support.hpe.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

730605 Hewlett Packard Enterprise (HPE) Integrated Lights-Out 5 (iLO 5) Multiple Vulnerabilities (HPESBHF04333)