CVE-2022-28637 is a high-severity vulnerability affecting Hewlett Packard Enterprise's Integrated Lights-Out 5 (iLO 5) management firmware versions prior to 2.72. iLO 5 is a widely used out-of-band management interface embedded in HPE servers, enabling administrators to remotely manage and monitor servers independently of the operating system. The vulnerability allows a local attacker with limited privileges (local access with low privileges) to trigger a denial of service (DoS) condition or potentially execute arbitrary code on the iLO 5 management processor. This could lead to a complete compromise of the iLO subsystem, resulting in loss of confidentiality, integrity, and availability of the management interface. The CVSS 3.1 score of 7.8 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity and requiring only low privileges but no user interaction. Exploitation requires local access to the iLO interface, which is typically accessible via a dedicated management network or through the server's local console. Successful exploitation could allow attackers to disrupt server management capabilities or gain persistent control over the management processor, potentially bypassing operating system-level security controls. Hewlett Packard Enterprise has released firmware version 2.72 to address these vulnerabilities, and updating to this version or later is critical to mitigate the risk. No known public exploits have been reported in the wild as of the publication date, but the potential impact warrants prompt remediation.

For European organizations, the impact of this vulnerability is significant, especially for enterprises and data centers relying on HPE servers with iLO 5 for critical infrastructure management. A successful attack could disrupt server management operations, leading to downtime or degraded service availability. Furthermore, arbitrary code execution on the iLO processor could allow attackers to manipulate server hardware settings, intercept management traffic, or establish persistent footholds that evade traditional OS-level detection. This could compromise sensitive data confidentiality and integrity within the affected servers. Given the widespread deployment of HPE servers in European government, financial, healthcare, and industrial sectors, exploitation could have cascading effects on critical services and compliance with data protection regulations such as GDPR. The local access requirement somewhat limits the attack surface; however, insider threats or attackers who gain initial footholds on internal networks could leverage this vulnerability to escalate privileges and control server management functions.

European organizations should prioritize the following specific mitigation steps: 1) Immediately identify all HPE servers running iLO 5 firmware versions prior to 2.72 through asset management and network scanning tools. 2) Apply the official HPE firmware update to version 2.72 or later as soon as possible to remediate the vulnerability. 3) Restrict physical and network access to the iLO management interfaces by isolating management networks, implementing strict access controls, and using network segmentation to limit exposure. 4) Enforce strong authentication mechanisms for iLO access, including multi-factor authentication where supported, to reduce risk from compromised credentials. 5) Monitor iLO logs and network traffic for unusual activity indicative of exploitation attempts or unauthorized access. 6) Conduct regular security audits and penetration testing on management interfaces to detect potential weaknesses. 7) Educate internal staff about the risks of local access vulnerabilities and enforce policies to minimize insider threat risks. These targeted actions go beyond generic patching advice by emphasizing network architecture, access control, and monitoring tailored to iLO management environments.