Tuesday, May 25, 2021

HP iLO: CVE-2021-29205: Cross-Site Scripting (XSS), Carriage Return Line Feed

Description
Multiple potential security vulnerabilities have been identified in HPE Integrated Lights-Out 5 (iLO 5) and HPE Integrated Lights-Out 4 (iLO 4). The vulnerabilities are XSS, CR-LF injection, DOM XSS and several buffer overflows. The XSS, CR-LF injection and DOM XSS issues target authenticated, privileged users of the iLO web interface. The buffer overflow vulnerabilities can be exploited by a privileged user on a host OS to execute code on the iLO as a privileged user.
Solution(s)
  • hp-ilo-4-upgrade-2_78
  • hp-ilo-5-upgrade-2_44


References
  • https://attackerkb.com/topics/cve-2021-29205
  • CVE - 2021-29205
  • https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf04130en_us



