CVE-2020-7202 - Vulnerability Details

Description

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information.

Published: 2021-01-05

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

HPE ProLiant Servers, Apollo Products, Converged Systems, and Synergy Compute Modules with Integrated Lights-Out 5 (iLO 5), or Integrated Lights-Out 4 (iLO 4)

affected

Version	Status	Constraints
`Prior to iLO 5 v2.31`	affected	—
`Prior to iLO 4 v2.76`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:hp:integrated_lights-out_4:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:apollo_4200_gen9_server:-:::::::*
	cpe:2.3:h:hp:convergedsystem_cs700:-:::::::*
	cpe:2.3:h:hp:convergedsystem_cs700x:-:::::::*
	cpe:2.3:h:hp:proliant_bl420c_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_bl460c_gen8_server_blade:-:::::::*
	cpe:2.3:h:hp:proliant_bl460c_gen9_server_blade:-:::::::*
	cpe:2.3:h:hp:proliant_bl465c_gen8_server_blade:-:::::::*
	cpe:2.3:h:hp:proliant_bl660c_gen8_server_blade:-:::::::*
	cpe:2.3:h:hp:proliant_bl660c_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl120_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl160_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl160_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl180_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl320e_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl320e_gen8_v2_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl360_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl360e_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl360p_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl380_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl380e_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl380p_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl385p_gen8_\(amd\):-:::::::*
	cpe:2.3:h:hp:proliant_dl560_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl560_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl580_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl580_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl60_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl80_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_microserver_gen8:-:::::::*
	cpe:2.3:h:hp:proliant_ml110_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_ml30_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_ml310e_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_ml310e_gen8_v2_server:-:::::::*
	cpe:2.3:h:hp:proliant_ml350_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_ml350e_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_ml350e_gen8_v2_server:-:::::::*
	cpe:2.3:h:hp:proliant_ml350p_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_sl210t_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_sl230s_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_sl250s_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_sl270s_gen8_se_server:-:::::::*
	cpe:2.3:h:hp:proliant_sl270s_gen8_server:-:::::::*
	cpe:2.3:h:hp:proliant_sl4540_gen8_3_node_server:-:::::::*
	cpe:2.3:h:hp:proliant_ws460c_gen8_graphics_server_blade:-:::::::*
	cpe:2.3:h:hp:proliant_ws460c_gen9_graphics_server_blade:-:::::::*
	cpe:2.3:h:hp:proliant_xl170r_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl190r_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl220a_gen8_v2_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl230a_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl250a_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl450_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl730f_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl740f_gen9_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl750f_gen9_server:-:::::::*
	cpe:2.3:h:hp:synergy_480_gen9_compute_module:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:hp:integrated_lights-out_5:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:apollo_4200_gen10_server:-:::::::*
	cpe:2.3:h:hp:apollo_4510_system:-:::::::*
	cpe:2.3:h:hp:apollo_r2000_chassis:-:::::::*
	cpe:2.3:h:hp:convergedsystem_cs700:-:::::::*
	cpe:2.3:h:hp:convergedsystem_cs700x:-:::::::*
	cpe:2.3:h:hp:proliant_bl460c_gen10_server_blade:-:::::::*
	cpe:2.3:h:hp:proliant_dl120_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl160_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl180_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl20_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl325_gen10_plus_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl325_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl360_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl380_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl385_gen10_plus_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl385_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl560_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_dl580_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_ml110_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_ml30_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_ml350_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl170r_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl190r_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl230k_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl270d_gen10_server:-:::::::*
	cpe:2.3:h:hp:proliant_xl450_gen10_server:-:::::::*
	cpe:2.3:h:hp:synergy_480_gen10_compute_module:-:::::::*
	cpe:2.3:h:hp:synergy_660_gen10_compute_module:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-28336	A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00474.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04069en_us

History

No history.

Subscriptions

Hp Apollo 4200 Gen10 Server Apollo 4200 Gen9 Server Apollo 4510 System Apollo R2000 Chassis Convergedsystem Cs700 Convergedsystem Cs700x Integrated Lights-out 4 Integrated Lights-out 5 Proliant Bl420c Gen8 Server Proliant Bl460c Gen10 Server Blade Proliant Bl460c Gen8 Server Blade Proliant Bl460c Gen9 Server Blade Proliant Bl465c Gen8 Server Blade Proliant Bl660c Gen8 Server Blade Proliant Bl660c Gen9 Server Proliant Dl120 Gen10 Server Proliant Dl120 Gen9 Server Proliant Dl160 Gen10 Server Proliant Dl160 Gen8 Server Proliant Dl160 Gen9 Server Proliant Dl180 Gen10 Server Proliant Dl180 Gen9 Server Proliant Dl20 Gen10 Server Proliant Dl320e Gen8 Server Proliant Dl320e Gen8 V2 Server Proliant Dl325 Gen10 Plus Server Proliant Dl325 Gen10 Server Proliant Dl360 Gen10 Server Proliant Dl360 Gen9 Server Proliant Dl360e Gen8 Server Proliant Dl360p Gen8 Server Proliant Dl380 Gen10 Server Proliant Dl380 Gen9 Server Proliant Dl380e Gen8 Server Proliant Dl380p Gen8 Server Proliant Dl385 Gen10 Plus Server Proliant Dl385 Gen10 Server Proliant Dl385p Gen8 \(amd\) Proliant Dl560 Gen10 Server Proliant Dl560 Gen8 Server Proliant Dl560 Gen9 Server Proliant Dl580 Gen10 Server Proliant Dl580 Gen8 Server Proliant Dl580 Gen9 Server Proliant Dl60 Gen9 Server Proliant Dl80 Gen9 Server Proliant Microserver Gen8 Proliant Ml110 Gen10 Server Proliant Ml110 Gen9 Server Proliant Ml30 Gen10 Server Proliant Ml30 Gen9 Server Proliant Ml310e Gen8 Server Proliant Ml310e Gen8 V2 Server Proliant Ml350 Gen10 Server Proliant Ml350 Gen9 Server Proliant Ml350e Gen8 Server Proliant Ml350e Gen8 V2 Server Proliant Ml350p Gen8 Server Proliant Sl210t Gen8 Server Proliant Sl230s Gen8 Server Proliant Sl250s Gen8 Server Proliant Sl270s Gen8 Se Server Proliant Sl270s Gen8 Server Proliant Sl4540 Gen8 3 Node Server Proliant Ws460c Gen8 Graphics Server Blade Proliant Ws460c Gen9 Graphics Server Blade Proliant Xl170r Gen10 Server Proliant Xl170r Gen9 Server Proliant Xl190r Gen10 Server Proliant Xl190r Gen9 Server Proliant Xl220a Gen8 V2 Server Proliant Xl230a Gen9 Server Proliant Xl230k Gen10 Server Proliant Xl250a Gen9 Server Proliant Xl270d Gen10 Server Proliant Xl450 Gen10 Server Proliant Xl450 Gen9 Server Proliant Xl730f Gen9 Server Proliant Xl740f Gen9 Server Proliant Xl750f Gen9 Server Synergy 480 Gen10 Compute Module Synergy 480 Gen9 Compute Module Synergy 660 Gen10 Compute Module

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2021-01-05T14:08:28.000Z

Updated: 2024-08-04T09:25:48.181Z

Reserved: 2020-01-16T00:00:00.000Z

Link: CVE-2020-7202

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-05T15:15:14.077

Modified: 2024-11-21T05:36:49.233

Link: CVE-2020-7202

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object