HPE iLO — уязвимость DoS (CVE-2022-0778)

Олег

16 октября 2022

Hewlett Packard Enterprise

В марте 2022 г в библиотеке OpenSSL была обнаружена уязвимость CVE-2022-0778 (7.5 балла по шкале CVSS). Злоумышленник может спровоцировать выполнение бесконечного цикла. Как следствие — DoS (Denial of Service, отказ в обслуживании).

Вчера от HPE приходит бюллетень уязвимостей, в списке которых числится и CVE-2022-0778. Системы удалённого управления iLO 4 и iLO используют библиотеку OpenSSL, соответственно, нужно обновлять iLO.

Уязвимые версии:

HPE Integrated Lights-Out 5 (iLO 5) для HPE Gen10 серверов — до v2.72
HPE Integrated Lights-Out 4 (iLO 4) для HPE Gen9 серверов — до v2.81

Уязвимые модели серверов:

HP ConvergedSystem 700 - Varies, based on server platform
HP ConvergedSystem 700x - Varies, based on server platform
HPE ProLiant BL460c Gen10 Server Blade -Prior to iLO 5 v2.72
HPE ProLiant DL580 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant DL560 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant DL385 Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant DL385 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant DL385 Gen10 Plus v2 server -Prior to iLO 5 v2.72
HPE ProLiant DL380 Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant DL380 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant DL365 Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant DL360 Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant DL360 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant DL345 Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant DL325 Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant DL325 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant DL180 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant DL160 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant DL120 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant DL20 Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant DL20 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant DX170r Gen10 server -Prior to iLO 5 v2.72
HPE ProLiant DX190r Gen10 server -Prior to iLO 5 v2.72
HPE ProLiant DX220n Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant DX325 Gen10 Plus v2 server -Prior to iLO 5 v2.72
HPE ProLiant DX360 Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant DX360 Gen10 server -Prior to iLO 5 v2.72
HPE ProLiant DX380 Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant DX380 Gen10 server -Prior to iLO 5 v2.72
HPE ProLiant DX385 Gen10 Plus v2 server -Prior to iLO 5 v2.72
HPE ProLiant DX385 Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant DX560 Gen10 server -Prior to iLO 5 v2.72
HPE ProLiant DX4200 Gen10 server -Prior to iLO 5 v2.72
HPE ProLiant ML350 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant ML110 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant ML30 Gen10 Plus server -Prior to iLO 5 v2.72
HPE ProLiant ML30 Gen10 Server -Prior to iLO 5 v2.72
HPE Storage File Controller -Prior to iLO 5 v2.72
HPE Storage Performance File Controller -Prior to iLO 5 v2.72
HPE StoreEasy 1460 Storage -Prior to iLO 5 v2.72
HPE StoreEasy 1560 Storage -Prior to iLO 5 v2.72
HPE StoreEasy 1660 Expanded Storage -Prior to iLO 5 v2.72
HPE StoreEasy 1660 Performance Storage -Prior to iLO 5 v2.72
HPE StoreEasy 1660 Storage -Prior to iLO 5 v2.72
HPE StoreEasy 1860 Performance Storage -Prior to iLO 5 v2.72
HPE StoreEasy 1860 Storage -Prior to iLO 5 v2.72
HPE ProLiant XL675d Gen10 Plus Server -Prior to iLO 5 v2.72
HPE ProLiant XL645d Gen10 Plus Server -Prior to iLO 5 v2.72
HPE ProLiant XL450 Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant XL290n Gen10 Plus Server -Prior to iLO 5 v2.72
HPE ProLiant XL270d Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant XL230k Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant XL225n Gen10 Plus 1U Node -Prior to iLO 5 v2.72
HPE ProLiant XL220n Gen10 Plus Server -Prior to iLO 5 v2.72
HPE ProLiant XL190r Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant XL170r Gen10 Server -Prior to iLO 5 v2.72
HPE ProLiant e910 Server Blade -Prior to iLO 5 v2.72
HPE ProLiant e910t Server Blade -Prior to iLO 5 v2.72
HPE Edgeline e920 Server Blade -Prior to iLO 5 v2.72
HPE Edgeline e920d Server Blade -Prior to iLO 5 v2.72
HPE Edgeline e920t Server Blade -Prior to iLO 5 v2.72
HPE Apollo 6500 Gen10 Plus System -Prior to iLO 5 v2.72
HPE Apollo 6500 Gen10 System -Prior to iLO 5 v2.72
HPE Apollo 4510 Gen10 System -Prior to iLO 5 v2.72
HPE Apollo 4200 Gen10 Plus System -Prior to iLO 5 v2.72
HPE Apollo 4200 Gen10 Server -Prior to iLO 5 v2.72
HPE Apollo n2800 Gen10 Plus -Prior to iLO 5 v2.72
HPE Apollo r2800 Gen10 24 SFF Flexible Configure-to-order Chassis -Prior to iLO 5 v2.72
HPE Apollo n2600 Gen10 Plus -Prior to iLO 5 v2.72
HPE Apollo r2600 Gen10 24 SFF Premium Configure-to-order Chassis -Prior to iLO 5 v2.72
HPE Apollo r2200 Gen10 12 LFF Configure-to-order Chassis -Prior to iLO 5 v2.72
HPE Apollo r2000 Chassis -Prior to iLO 5 v2.72
HPE ProLiant BL660c Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant BL660c Gen8 Server Blade -Prior to iLO 4 v2.81
HPE ProLiant BL465c Gen8 Server Blade -Prior to iLO 4 v2.81
HPE ProLiant BL460c Gen9 Server Blade -Prior to iLO 4 v2.81
HPE ProLiant BL460c Gen8 Server Blade -Prior to iLO 4 v2.81
HPE ProLiant BL420c Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant DL580 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant DL580 Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant DL560 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant DL560 Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant DL385p Gen8 (AMD) -Prior to iLO 4 v2.81
HPE ProLiant DL380 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant DL380p Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant DL380e Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant DL360 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant DL360p Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant DL360e Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant DL320e Gen8 v2 Server -Prior to iLO 4 v2.81
HPE ProLiant DL320e Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant DL180 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant DL160 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant DL160 Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant DL120 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant DL80 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant DL60 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant DL20 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant ML350 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant ML350p Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant ML350e Gen8 v2 Server -Prior to iLO 4 v2.81
HPE ProLiant ML350e Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant ML310e Gen8 v2 Server -Prior to iLO 4 v2.81
HPE ProLiant ML310e Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant ML30 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant SL270s Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant SL270s Gen8 SE Server -Prior to iLO 4 v2.81
HPE ProLiant SL250s Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant SL230s Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant SL210t Gen8 Server -Prior to iLO 4 v2.81
HPE ProLiant XL750f Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant XL740f Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant XL730f Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant XL450 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant XL270d Gen9 Special Server -Prior to iLO 4 v2.81
HPE ProLiant XL250a Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant XL230a Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant XL230b Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant XL220a Gen8 v2 Server -Prior to iLO 4 v2.81
HPE ProLiant XL190r Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant XL170r Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant ML110 Gen9 Server -Prior to iLO 4 v2.81
HPE ProLiant MicroServer Gen8 -Prior to iLO 4 v2.81
HPE ProLiant WS460c Gen9 Graphics Server Blade -Prior to iLO 4 v2.81
HPE ProLiant WS460c Gen8 Graphics Server Blade -Prior to iLO 4 v2.81
HPE Apollo 4200 Gen9 Server -Prior to iLO 4 v2.81
HPE 3PAR StoreServ File Controller -Prior to iLO 4 v2.81
HPE 3PAR StoreServ File Controller v2 Storage -Prior to iLO 4 v2.81
HPE 3PAR StoreServ File Controller v3 System -Prior to iLO 4 v2.81
HPE StoreEasy 1450 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 1550 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 1650 Expanded Storage -Prior to iLO 4 v2.81
HPE StoreEasy 1650 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 1850 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 3850 Gateway Single Node Upgrade -Prior to iLO 4 v2.81
HPE StoreEasy 3850 Gateway Storage -Prior to iLO 4 v2.81
HPE StoreEasy 3850 Gateway Storage Blade -Prior to iLO 4 v2.81
HPE StoreVirtual 3000 File Controller -Prior to iLO 4 v2.81
HPE StoreEasy 1430 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 1440 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 1530 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 1540 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 1630 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 1640 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 1830 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 1840 Storage -Prior to iLO 4 v2.81
HPE StoreEasy 3830 Gateway Storage -Prior to iLO 4 v2.81
HPE StoreEasy 3830 Gateway Storage Blade -Prior to iLO 4 v2.81
HPE StoreEasy 3840 Gateway Storage -Prior to iLO 4 v2.81
HPE StoreEasy 3840 Gateway Storage Blade -Prior to iLO 4 v2.81
HPE Synergy 480 Gen9 Compute Module -Prior to iLO 4 v2.81
HPE Synergy 620 Gen9 Compute Module -Prior to iLO 4 v2.81
HPE Synergy 660 Gen9 Compute Module -Prior to iLO 4 v2.81
HPE Synergy 680 Gen9 Compute Module -Prior to iLO 4 v2.81

Ссылки:

https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbhf04366en_us

Теги

HPE
security

💰 Поддержать проект

Похожие материалы

Уязвимость на серверах HPE ProLiant BL/DL/ML — (CVE-2022-26006, CVE-2022-21198). И Supermicro X11, X12, X13.

Олег

Intel

Intel доводит до сведения HP и HPE информацию о потенциальной уязвимости повышения привилегий в BIOS для некоторых моделей процессоров Intel.

Теги

iLO 5 — Security Dashboard

Олег

13 мая 2019
Подробнее о iLO 5 — Security Dashboard

В новой версии прошивки iLO 5 1.40 появилась новая вкладка — Security Dashboard. Дополнительно в правом верхнем углу теперь красуется новая иконка iLO Security.

Теги

HPE
security

ПАК Соболь и ошибка Illegal OpCode при загрузке

Олег

27 июля 2018
Подробнее о ПАК Соболь и ошибка Illegal OpCode при загрузке

ПАК Соболь

Столкнулся с ситуацией, когда ПАК Соболь на смог загрузиться и выпал с ошибкой: RSOD Illegal OpCode.

Теги

security
HPE

Почитать