
HPE iLO: DoS vulnerability (CVE-2022-0778)

Hewlett Packard Enterprise

In March 2022, the vulnerability CVE-2022-0778 (CVSS score 7.5) was discovered in the OpenSSL library. An attacker can trigger an infinite loop, which results in a DoS (denial of service).

Yesterday a security bulletin arrived from HPE, and CVE-2022-0778 is among the vulnerabilities it lists. The iLO 4 and iLO 5 remote management systems use the OpenSSL library, so iLO needs to be updated.

Vulnerable versions:

  • HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 servers - prior to v2.72
  • HPE Integrated Lights-Out 4 (iLO 4) for HPE Gen9 servers - prior to v2.81
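
To triage a fleet against these two thresholds, the following added example (not part of the HPE bulletin or the original post) classifies firmware strings from an inventory export. It assumes strings of the form "iLO 5 v2.72" and "host,firmware" lines; the hostnames and versions in the sample are constructed.

```python
import re

# Fixed firmware versions from the list above: anything lower is affected.
FIXED = {4: (2, 81), 5: (2, 72)}

# Assumed string format, e.g. "iLO 5 v2.72"; adjust to your inventory source.
FW_RE = re.compile(r"iLO\s*(\d+)\s+v?(\d+)\.(\d+)", re.IGNORECASE)


def classify(firmware):
    """Return 'vulnerable', 'patched' or 'unknown' for one firmware string."""
    m = FW_RE.search(firmware)
    if not m:
        return "unknown"  # unparseable: check this host by hand
    gen, major, minor = (int(g) for g in m.groups())
    fixed = FIXED.get(gen)
    if fixed is None:
        return "unknown"  # iLO generation not covered by the list above
    # Compare numerically as (major, minor) tuples, not as strings.
    return "vulnerable" if (major, minor) < fixed else "patched"


def triage(inventory):
    """Map each host in 'host,firmware' lines to its classification."""
    result = {}
    for line in inventory.strip().splitlines():
        host, _, fw = line.partition(",")
        result[host.strip()] = classify(fw)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """
ilo-dl380-01,iLO 5 v2.65
ilo-dl380-02,iLO 5 v2.72
ilo-dl360-g9,iLO 4 v2.80
ilo-bl460-g9,iLO 4 v2.81
ilo-old-g7,iLO 3 v1.94
ilo-broken,n/a
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:15} {status}")
```

Hosts reported as "unknown" are not cleared: they need a manual check against the bulletin.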

Affected server models:

  • HP ConvergedSystem 700 - Varies, based on server platform
  • HP ConvergedSystem 700x - Varies, based on server platform
  • HPE ProLiant BL460c Gen10 Server Blade -Prior to iLO 5 v2.72
  • HPE ProLiant DL580 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant DL560 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant DL385 Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant DL385 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant DL385 Gen10 Plus v2 server -Prior to iLO 5 v2.72
  • HPE ProLiant DL380 Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant DL380 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant DL365 Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant DL360 Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant DL360 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant DL345 Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant DL325 Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant DL325 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant DL180 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant DL160 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant DL120 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant DL20 Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant DL20 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant DX170r Gen10 server -Prior to iLO 5 v2.72
  • HPE ProLiant DX190r Gen10 server -Prior to iLO 5 v2.72
  • HPE ProLiant DX220n Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant DX325 Gen10 Plus v2 server -Prior to iLO 5 v2.72
  • HPE ProLiant DX360 Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant DX360 Gen10 server -Prior to iLO 5 v2.72
  • HPE ProLiant DX380 Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant DX380 Gen10 server -Prior to iLO 5 v2.72
  • HPE ProLiant DX385 Gen10 Plus v2 server -Prior to iLO 5 v2.72
  • HPE ProLiant DX385 Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant DX560 Gen10 server -Prior to iLO 5 v2.72
  • HPE ProLiant DX4200 Gen10 server -Prior to iLO 5 v2.72
  • HPE ProLiant ML350 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant ML110 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant ML30 Gen10 Plus server -Prior to iLO 5 v2.72
  • HPE ProLiant ML30 Gen10 Server -Prior to iLO 5 v2.72
  • HPE Storage File Controller -Prior to iLO 5 v2.72
  • HPE Storage Performance File Controller -Prior to iLO 5 v2.72
  • HPE StoreEasy 1460 Storage -Prior to iLO 5 v2.72
  • HPE StoreEasy 1560 Storage -Prior to iLO 5 v2.72
  • HPE StoreEasy 1660 Expanded Storage -Prior to iLO 5 v2.72
  • HPE StoreEasy 1660 Performance Storage -Prior to iLO 5 v2.72
  • HPE StoreEasy 1660 Storage -Prior to iLO 5 v2.72
  • HPE StoreEasy 1860 Performance Storage -Prior to iLO 5 v2.72
  • HPE StoreEasy 1860 Storage -Prior to iLO 5 v2.72
  • HPE ProLiant XL675d Gen10 Plus Server -Prior to iLO 5 v2.72
  • HPE ProLiant XL645d Gen10 Plus Server -Prior to iLO 5 v2.72
  • HPE ProLiant XL450 Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant XL290n Gen10 Plus Server -Prior to iLO 5 v2.72
  • HPE ProLiant XL270d Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant XL230k Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant XL225n Gen10 Plus 1U Node -Prior to iLO 5 v2.72
  • HPE ProLiant XL220n Gen10 Plus Server -Prior to iLO 5 v2.72
  • HPE ProLiant XL190r Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant XL170r Gen10 Server -Prior to iLO 5 v2.72
  • HPE ProLiant e910 Server Blade -Prior to iLO 5 v2.72
  • HPE ProLiant e910t Server Blade -Prior to iLO 5 v2.72
  • HPE Edgeline e920 Server Blade -Prior to iLO 5 v2.72
  • HPE Edgeline e920d Server Blade -Prior to iLO 5 v2.72
  • HPE Edgeline e920t Server Blade -Prior to iLO 5 v2.72
  • HPE Apollo 6500 Gen10 Plus System -Prior to iLO 5 v2.72
  • HPE Apollo 6500 Gen10 System -Prior to iLO 5 v2.72
  • HPE Apollo 4510 Gen10 System -Prior to iLO 5 v2.72
  • HPE Apollo 4200 Gen10 Plus System -Prior to iLO 5 v2.72
  • HPE Apollo 4200 Gen10 Server -Prior to iLO 5 v2.72
  • HPE Apollo n2800 Gen10 Plus -Prior to iLO 5 v2.72
  • HPE Apollo r2800 Gen10 24 SFF Flexible Configure-to-order Chassis -Prior to iLO 5 v2.72
  • HPE Apollo n2600 Gen10 Plus -Prior to iLO 5 v2.72
  • HPE Apollo r2600 Gen10 24 SFF Premium Configure-to-order Chassis -Prior to iLO 5 v2.72
  • HPE Apollo r2200 Gen10 12 LFF Configure-to-order Chassis -Prior to iLO 5 v2.72
  • HPE Apollo r2000 Chassis -Prior to iLO 5 v2.72
  • HPE ProLiant BL660c Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant BL660c Gen8 Server Blade -Prior to iLO 4 v2.81
  • HPE ProLiant BL465c Gen8 Server Blade -Prior to iLO 4 v2.81
  • HPE ProLiant BL460c Gen9 Server Blade -Prior to iLO 4 v2.81
  • HPE ProLiant BL460c Gen8 Server Blade -Prior to iLO 4 v2.81
  • HPE ProLiant BL420c Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL580 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL580 Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL560 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL560 Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL385p Gen8 (AMD) -Prior to iLO 4 v2.81
  • HPE ProLiant DL380 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL380p Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL380e Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL360 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL360p Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL360e Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL320e Gen8 v2 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL320e Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL180 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL160 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL160 Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL120 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL80 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL60 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant DL20 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant ML350 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant ML350p Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant ML350e Gen8 v2 Server -Prior to iLO 4 v2.81
  • HPE ProLiant ML350e Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant ML310e Gen8 v2 Server -Prior to iLO 4 v2.81
  • HPE ProLiant ML310e Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant ML30 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant SL270s Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant SL270s Gen8 SE Server -Prior to iLO 4 v2.81
  • HPE ProLiant SL250s Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant SL230s Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant SL210t Gen8 Server -Prior to iLO 4 v2.81
  • HPE ProLiant XL750f Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant XL740f Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant XL730f Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant XL450 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant XL270d Gen9 Special Server -Prior to iLO 4 v2.81
  • HPE ProLiant XL250a Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant XL230a Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant XL230b Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant XL220a Gen8 v2 Server -Prior to iLO 4 v2.81
  • HPE ProLiant XL190r Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant XL170r Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant ML110 Gen9 Server -Prior to iLO 4 v2.81
  • HPE ProLiant MicroServer Gen8 -Prior to iLO 4 v2.81
  • HPE ProLiant WS460c Gen9 Graphics Server Blade -Prior to iLO 4 v2.81
  • HPE ProLiant WS460c Gen8 Graphics Server Blade -Prior to iLO 4 v2.81
  • HPE Apollo 4200 Gen9 Server -Prior to iLO 4 v2.81
  • HPE 3PAR StoreServ File Controller -Prior to iLO 4 v2.81
  • HPE 3PAR StoreServ File Controller v2 Storage -Prior to iLO 4 v2.81
  • HPE 3PAR StoreServ File Controller v3 System -Prior to iLO 4 v2.81
  • HPE StoreEasy 1450 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 1550 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 1650 Expanded Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 1650 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 1850 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 3850 Gateway Single Node Upgrade -Prior to iLO 4 v2.81
  • HPE StoreEasy 3850 Gateway Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 3850 Gateway Storage Blade -Prior to iLO 4 v2.81
  • HPE StoreVirtual 3000 File Controller -Prior to iLO 4 v2.81
  • HPE StoreEasy 1430 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 1440 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 1530 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 1540 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 1630 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 1640 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 1830 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 1840 Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 3830 Gateway Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 3830 Gateway Storage Blade -Prior to iLO 4 v2.81
  • HPE StoreEasy 3840 Gateway Storage -Prior to iLO 4 v2.81
  • HPE StoreEasy 3840 Gateway Storage Blade -Prior to iLO 4 v2.81
  • HPE Synergy 480 Gen9 Compute Module -Prior to iLO 4 v2.81
  • HPE Synergy 620 Gen9 Compute Module -Prior to iLO 4 v2.81
  • HPE Synergy 660 Gen9 Compute Module -Prior to iLO 4 v2.81
  • HPE Synergy 680 Gen9 Compute Module -Prior to iLO 4 v2.81

Links:

https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbhf04366en_us
