CVE-2022-28638 — HIGH (7.8)

Q: How severe is CVE-2022-28638?

CVE-2022-28638 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-28638?

Check the references section above for vendor advisories and patch information. Affected products include: Hpe Integrated Lights-Out 5 Firmware, Hp Apollo 4200 Gen10 Server, Hp Apollo 4500, Hp Apollo R2000 Chassis, Hpe Apollo 2000 Gen10 Plus System.

Vulnerability Description

An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hpe	Integrated Lights-Out 5 Firmware	< 2.72
Hp	Apollo 4200 Gen10 Server	-
Hp	Apollo 4500	-
Hp	Apollo R2000 Chassis	-
Hpe	Apollo 2000 Gen10 Plus System	-
Hpe	Apollo 4200 Gen10 Plus System	-
Hpe	Apollo 4510 Gen10 System	-
Hpe	Apollo 6500 Gen10 Plus	-
Hpe	Apollo N2600 Gen10 Plus	-
Hpe	Apollo N2800 Gen10 Plus	-
Hpe	Apollo R2600 Gen10	-
Hpe	Apollo R2800 Gen10	-
Hpe	Edgeline E920 Server Blade	-
Hpe	Edgeline E920D Server Blade	-
Hpe	Edgeline E920T Server Blade	-
Hpe	Integrated Lights-Out 5	-
Hpe	Proliant Bl460C Gen10 Server Blade	-
Hpe	Proliant Dl110 Gen10 Plus Telco Server	-
Hpe	Proliant Dl160 Gen10 Server	-
Hpe	Proliant Dl180 Gen10 Server	-

Related Weaknesses (CWE)

CWE-200

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory

FAQ

What is CVE-2022-28638?

CVE-2022-28638 is a vulnerability with a CVSS score of 7.8 (HIGH). An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability we...

How severe is CVE-2022-28638?

CVE-2022-28638 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-28638?

Check the references section above for vendor advisories and patch information. Affected products include: Hpe Integrated Lights-Out 5 Firmware, Hp Apollo 4200 Gen10 Server, Hp Apollo 4500, Hp Apollo R2000 Chassis, Hpe Apollo 2000 Gen10 Plus System.