Description
Multiple potential security vulnerabilities have been identified in HPE Integrated Lights-Out 5 (iLO 5) and HPE Integrated Lights-Out 4 (iLO 4). The vulnerabilities are XSS, CR-LF injection, DOM XSS and several buffer overflow vulnerabilities. The XSS, CR-LF injection and DOM XSS vulnerabilities target authenticated privileged iLO users of the iLO web interface. The iLO buffer overflow vulnerabilities can be exploited by a privileged user on a host OS to execute code on the iLO as a privileged user.
Solution(s)
hp-ilo-4-upgrade-2_78
hp-ilo-5-upgrade-2_44
References
https://attackerkb.com/topics/cve-2021-29206
CVE - 2021-29206
https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf04130en_us