Vulnerability Description
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Integrated Lights-Out 2 Firmware | <= 2.23 |
References
- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?d
- http://www.securitytracker.com/id/1030148
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c0PatchVendor Advisory
- https://isc.sans.edu/forums/diary/Be+Careful+what+you+Scan+for/18017/
- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?d
- http://www.securitytracker.com/id/1030148
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c0PatchVendor Advisory
- https://isc.sans.edu/forums/diary/Be+Careful+what+you+Scan+for/18017/
FAQ
What is CVE-2014-2601?
CVE-2014-2601 is a vulnerability with a CVSS score of 7.8 (HIGH). The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vu...
How severe is CVE-2014-2601?
CVE-2014-2601 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2601?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Integrated Lights-Out 2 Firmware.