CVE-2013-4805 - OpenCVE

Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:N/AC:L/Au:N/C:P/I:P/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Integrated Lights-out Firmware

Configuration 1 [-]

OR	cpe:2.3:o:hp:integrated_lights-out_firmware::::::::
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.10:::::::*
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.15:::::::*
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.15a:::::::*
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.16a:::::::*
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.20a:::::::*
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.26a:::::::*
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.27a:::::::*
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.40a:::::::*
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.41a:::::::*
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.42a:::::::*
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.50:::::::*
	cpe:2.3:o:hp:integrated_lights-out_firmware:1.50a:::::::*

No data.

References

Link	Providers
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348
http://www.securityfocus.com/bid/61556

History

No history.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2013-08-03T01:00:00

Updated: 2024-08-06T16:52:27.119Z

Reserved: 2013-07-12T00:00:00

Link: CVE-2013-4805

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-08-05T13:22:48.160

Modified: 2013-08-22T06:54:37.907

Link: CVE-2013-4805

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-08-22T09:00:00", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"name": "61556", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/61556"}, {"name": "HPSBMU02902", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"}, {"name": "SSRT101250", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2013-4805", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "61556", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61556"}, {"name": "HPSBMU02902", "refsource": "HP", "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"}, {"name": "SSRT101250", "refsource": "HP", "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:52:27.119Z"}, "title": "CVE Program Container", "references": [{"name": "61556", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/61556"}, {"name": "HPSBMU02902", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"}, {"name": "SSRT101250", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2013-4805", "datePublished": "2013-08-03T01:00:00", "dateReserved": "2013-07-12T00:00:00", "dateUpdated": "2024-08-06T16:52:27.119Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21040F4F-4DE7-406F-8220-5B7524B22494", "versionEndIncluding": "1.51a", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3B75737-F8DF-4467-87E6-B3D7D296AF69", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.15:*:*:*:*:*:*:*", "matchCriteriaId": "FDE41EB1-8AAE-40F8-A7C0-703283020F0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.15a:*:*:*:*:*:*:*", "matchCriteriaId": "223798D1-6965-4EBF-B731-0AADBC853752", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.16a:*:*:*:*:*:*:*", "matchCriteriaId": "03B3C027-295A-4E8D-AC99-89B1DBC9937E", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.20a:*:*:*:*:*:*:*", "matchCriteriaId": "859702BA-314B-4BC4-8CA6-1432E8831B89", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.26a:*:*:*:*:*:*:*", "matchCriteriaId": "58207045-31FF-4B78-832D-A47F49743529", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.27a:*:*:*:*:*:*:*", "matchCriteriaId": "B378215E-CBEA-4C5B-8BBE-44B8EBA09DA5", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.40a:*:*:*:*:*:*:*", "matchCriteriaId": "F5066B1C-C809-4547-9E48-4E4822E8B91E", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.41a:*:*:*:*:*:*:*", "matchCriteriaId": "5CCFA86E-B3F6-4E71-ABC8-75783EBC8817", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.42a:*:*:*:*:*:*:*", "matchCriteriaId": "FC6ED7F5-C616-4FDD-9D36-697F19A0BE25", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.50:*:*:*:*:*:*:*", "matchCriteriaId": "D69393F4-139D-47E3-9125-D8633B192C91", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:integrated_lights-out_firmware:1.50a:*:*:*:*:*:*:*", "matchCriteriaId": "D4397221-10C5-46E8-93A5-17497C5F82DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en HP Integrated Lights-Out 3 (tambi\u00e9n conocido como iLO3) firmware anterior a v1.60 y 4 (tambi\u00e9n conocido como iLO4) firmware anterior a v1.30, permite a atacantes remotos evitar la autenticaci\u00f3n a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2013-4805", "lastModified": "2013-08-22T06:54:37.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-05T13:22:48.160", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348"}, {"source": "hp-security-alert@hp.com", "url": "http://www.securityfocus.com/bid/61556"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}