[Download]: HPE Integrated Lights-Out 2 (iLO 2) Vulnerability

HPE iLO 2 Vulnerability 

A newly detected vulnerability in HPE Integrated Lights-Out 2 (iLO 2) relates to TLS protocol 1.2 and earlier. When a DHE_EXPORT ciphersuite is enabled on a server but not on a client, TLS 1.2 and earlier does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the “Logjam” issue.

A vulnerability in the Diffie Hellman Export ciphersuite component in TLS 1.2 and earlier could be exploited remotely to allow disclosure of information.
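The server-side condition described above (DHE_EXPORT enabled on the server) can be checked on a management interface you administer by offering only DHE_EXPORT suites and seeing whether the server selects one. The following is an added example, not code from this post or from HPE; the function names are hypothetical, the cipher suite code points are the IANA-registered values, and TLS 1.0 record framing on port 443 is an assumption.

```python
import os
import socket
import struct
import sys

# DHE_EXPORT suites and their IANA code points.
DHE_EXPORT_SUITES = {
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_client_hello(version=0x0301):
    """ClientHello (TLS 1.0 by default) offering only DHE_EXPORT suites."""
    suites = b"".join(struct.pack("!H", s) for s in DHE_EXPORT_SUITES)
    body = (struct.pack("!H", version) + os.urandom(32)   # version, random
            + b"\x00"                                     # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                                # null compression only
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body  # 3-byte length
    return b"\x16" + struct.pack("!HH", version, len(hs)) + hs

def classify_response(data):
    """Classify the first TLS record of the server's reply."""
    if len(data) < 5:
        return ("no-tls", "short or empty reply")
    ctype, _, length = struct.unpack("!BHH", data[:5])
    rec = data[5:5 + length]
    if ctype == 0x15 and len(rec) >= 2:        # alert: offer refused
        return ("rejected", "alert %d" % rec[1])
    if ctype == 0x16 and len(rec) > 38 and rec[0] == 0x02:   # ServerHello
        off = 39 + rec[38]     # skip header, version, random, session id
        suite = int.from_bytes(rec[off:off + 2], "big")
        if len(rec) >= off + 2 and suite in DHE_EXPORT_SUITES:
            return ("accepts-export", DHE_EXPORT_SUITES[suite])
    return ("unexpected", "record type 0x%02x" % ctype)

def probe(host, port=443, timeout=5.0):
    """Send the probe to a host you administer and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        return classify_response(s.recv(4096))

if __name__ == "__main__":
    print(probe(sys.argv[1]))
```

An `accepts-export` verdict means the server selected one of the offered DHE_EXPORT suites; `rejected` means it answered the export-only offer with a TLS alert.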

HPE has released new firmware that resolves this vulnerability in HPE Integrated Lights-Out 2 (iLO 2) version 2.32 and earlier.
Visit the Hewlett Packard Enterprise Support Center site to download the new version:



Davoud Teimouri

Davoud Teimouri is a professional blogger, vExpert 2015/2016/2017/2018/2019, VCA, MCITP. This blog started with simple posts and now has a large following of readers.
