Davoud Teimouri

Virtualization & Datacenter

[Download]: HPE Integrated Lights-Out 2 (iLO 2) Vulnerability

HPE iLO 2 Vulnerability 

A newly detected vulnerability in HPE Integrated Lights-Out 2 (iLO 2) relates to the TLS protocol, version 1.2 and earlier. When a DHE_EXPORT ciphersuite is enabled on a server but not on a client, TLS 1.2 and earlier does not properly convey the DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the “Logjam” issue.

A vulnerability in the Diffie Hellman Export ciphersuite component in TLS 1.2 and earlier could be exploited remotely to allow disclosure of information.

HPE has released new firmware that fixes the issue and resolves this vulnerability in HPE Integrated Lights-Out 2 (iLO 2) version 2.32 and earlier.
Visit the Hewlett Packard Enterprise Support Center site to download the new version:

https://support.hpe.com/hpesc/public/home
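
One way to confirm that a management interface no longer accepts DHE_EXPORT once the firmware is updated, as an added example (not code from this post or from HPE): it offers only DHE_EXPORT suites in a TLS 1.0 ClientHello and reports whether the server selects one. The function names are hypothetical; the suite IDs are the IANA-registered values, and the sketch assumes the server answers a ClientHello without extensions.

```python
import os
import socket
import struct

# DHE_EXPORT suites from the IANA TLS registry (export-grade 512-bit DH).
DHE_EXPORT_SUITES = {
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_client_hello(suites):
    """TLS 1.0 ClientHello that offers only the given cipher suite IDs."""
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x01" + os.urandom(32) + b"\x00"   # version, random, empty session id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00")                            # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Name of the DHE_EXPORT suite the server selected, or None if refused."""
    if len(data) < 6 or data[0] != 0x16 or data[5] != 0x02:
        return None                  # alert, early close, or not a ServerHello
    hs = data[9:]                    # skip record header (5) + handshake header (4)
    if len(hs) < 35:
        return None
    sid_len = hs[34]                 # follows version (2) + random (32)
    chosen = hs[35 + sid_len:37 + sid_len]
    if len(chosen) < 2:
        return None
    return DHE_EXPORT_SUITES.get(struct.unpack("!H", chosen)[0])

def probe(host, port=443, timeout=5.0):
    """Offer only DHE_EXPORT to host:port; None means the server refused it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(sorted(DHE_EXPORT_SUITES)))
        data = b""
        try:
            while len(data) < 80:    # covers a ServerHello with a 32-byte session id
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass                     # timeout or reset: classify what arrived
        return classify_response(data)
```

A return value of `None` from `probe` means the server answered with an alert or closed the connection, which is the expected result on patched firmware.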


Davoud Teimouri is a professional blogger, vExpert 2015/2016/2017/2018, VCA, MCITP. This blog started with simple posts and now has a large following of readers.
