HP Integrated Lights-Out information leakage Vulnerability

Release date:
Updated on:

Affected Systems:
HP Integrated Lights Out 3 (iLO 3) 1.x
HP Integrated Lights Out 4 (iLO 4) 1.x
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-3271

HP Integrated Lights-Out is HP's Embedded Server management Technology, similar to other manufacturers' Lights out management (LOM) technology.

HP Integrated Lights-Out 3 (iLO3) 1.28 and earlier versions, HP Integrated Lights-Out 4 (iLO4) 1.11 and earlier versions have security vulnerabilities in implementation, attackers can obtain the Administrator's access permissions and expose some sensitive information. Details are currently unknown.

<* Source: vendor

Link: http://secunia.com/advisories/51378/
What is https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay? DocId = emr_na-c03515413
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

HP
--
HP has released a Security Bulletin (HPSBHF02821) for this purpose and the corresponding patch:

HPSBHF02821: SSRT100934 rev.1-HP Integrated Lights-Out iLO3 and iLO4, Remote Disclosure of Information

Https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay? DocId = emr_na-c03515413

Patch download: http://www.hp.com/go/bizsupport