CVE-2022-28637: local denial of service (DoS); potential local arbitrary code execution in HPE Integrated Lights-Out 5 (iLO 5)
A local Denial of Service (DoS) vulnerability and a local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.
AI Analysis
Technical Summary
CVE-2022-28637 is a high-severity vulnerability in Hewlett Packard Enterprise's Integrated Lights-Out 5 (iLO 5) management firmware. The HPE advisory names firmware 2.71 as affected and 2.72 as the release that fixes it; the analysis below treats every 2.x build before 2.72 as in scope, which is the conservative reading. iLO 5 is the baseboard management controller built into HPE ProLiant Gen10-era servers: an out-of-band management processor with its own network interface, firmware and operating environment that lets administrators power, monitor, console into and re-image a server independently of the host operating system.

The flaw lets a local attacker with low privileges trigger a denial of service of the iLO processor or, potentially, execute arbitrary code on it. Code execution on the BMC means complete compromise of the management subsystem, with loss of confidentiality, integrity and availability of everything it controls. The CVSS 3.1 base score of 7.8 follows from the metrics the advisory reports: local attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity and availability. The local attack vector means the attacker must already have a foothold on the affected system rather than reaching iLO over the network; the advisory does not state which local path is involved, so both host-side access to the management channel and console access should be treated as exposure.

Because the BMC sits below the host operating system, a compromised iLO can disrupt management of the server or give an attacker a persistent position that OS-level security controls neither see nor clear. HPE has released firmware 2.72 to address the issue, and updating to 2.72 or later is the only complete remediation. No public exploit had been reported as of publication, but the impact justifies prompt patching.
Potential Impact
For European organizations the impact is significant, particularly for enterprises and data centers that depend on HPE servers with iLO 5 to manage critical infrastructure. A denial of service against iLO removes remote power control, console and firmware management for the affected host, so an outage that would otherwise be a remote fix becomes a site visit. Arbitrary code execution on the iLO processor is worse: the attacker can change hardware and boot settings, observe or tamper with management traffic, use the virtual console and virtual media functions against the host, and keep a persistent foothold below the operating system that OS-level detection and reinstallation do not remove. That position threatens the confidentiality and integrity of the data processed by the server itself. Given how widely HPE servers are deployed across European government, financial, healthcare and industrial organizations, exploitation could cascade into critical services and into obligations under data protection regulations such as GDPR. The local attack vector narrows the exposure, but insiders, or attackers who have already gained a foothold on a host or on the management network, can use the flaw to escalate from the host into control of the management plane.
Mitigation Recommendations
European organizations should prioritize the following mitigation steps:
1) Inventory every HPE server running iLO 5 and record its firmware version, using asset management data and direct queries of the iLO interfaces (the Redfish Manager resource reports the running firmware version), and flag anything below 2.72.
2) Apply the official HPE firmware update to 2.72 or later as soon as change control allows; this is the only complete remediation.
3) Restrict physical and network access to the iLO interfaces: keep them on a dedicated management network that is segmented from production and user networks and reachable only from controlled administrative hosts.
4) Enforce strong authentication for iLO access, including multi-factor or directory-backed authentication where the firmware supports it, and remove default or shared accounts so that stolen credentials do not become the local foothold the attack needs.
5) Forward iLO event logs to a central collector and monitor them, together with management-network traffic, for unexpected resets, firmware changes, new accounts or logins from unusual sources that could indicate exploitation or unauthorized access.
6) Include the management interfaces in regular security audits and penetration tests rather than scoping them out as infrastructure.
7) Because the attack vector is local, harden and monitor the host operating systems as well, and train staff on the risk that local access to a server carries for its management processor.
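Step 1 above asks for a firmware inventory. The script below, added here as an example and not code from HPE or the original analysis, reads the FirmwareVersion field of the Redfish Manager resource that iLO exposes at /redfish/v1/Managers/1 and flags any iLO 5 build below 2.72. It assumes iLO 5 reports its version in the form "iLO 5 v2.71" (check one known host in your own fleet before trusting the regular expression), uses HTTP Basic authentication, and for the offline demonstration runs against constructed sample responses rather than live controllers.

```python
"""Inventory iLO 5 firmware via Redfish and flag builds below the fixed release (added example)."""
import base64
import json
import re
import ssl
import urllib.request

FIXED_VERSION = (2, 72)  # iLO 5 v2.72 is the fixed release named in the advisory

# Assumed format of the Redfish Manager FirmwareVersion string on iLO 5, e.g. "iLO 5 v2.71".
_VERSION_RE = re.compile(r"iLO\s*(\d+)\s*v(\d+)\.(\d+)", re.IGNORECASE)


def parse_ilo_version(firmware_version):
    """Return (generation, major, minor) from an iLO FirmwareVersion string, or None if it does not match."""
    m = _VERSION_RE.search(firmware_version or "")
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_vulnerable(firmware_version, fixed=FIXED_VERSION):
    """True if the string names iLO 5 firmware older than the fixed release, False if fixed,
    None if the string is not an iLO 5 version (iLO 4 / iLO 6 are outside this CVE's scope)."""
    parsed = parse_ilo_version(firmware_version)
    if parsed is None or parsed[0] != 5:
        return None
    return parsed[1:] < fixed


def assess_manager(manager_json):
    """Assess one decoded Redfish Manager resource."""
    fw = manager_json.get("FirmwareVersion", "")
    return {"id": manager_json.get("Id"), "firmware": fw, "vulnerable": is_vulnerable(fw)}


def fetch_manager(host, user, password, manager_id="1", verify_tls=True):
    """GET https://<host>/redfish/v1/Managers/<id> with Basic auth. Live network call; not used offline.
    verify_tls=False is only for controllers still on the factory self-signed certificate."""
    url = f"https://{host}/redfish/v1/Managers/{manager_id}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url, headers={"Authorization": f"Basic {token}", "Accept": "application/json"}
    )
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


# Constructed sample Manager resources standing in for live Redfish responses.
SAMPLE_MANAGERS = [
    {"Id": "1", "Model": "iLO 5", "FirmwareVersion": "iLO 5 v2.71"},
    {"Id": "1", "Model": "iLO 5", "FirmwareVersion": "iLO 5 v2.72"},
    {"Id": "1", "Model": "iLO 5", "FirmwareVersion": "iLO 5 v3.01"},
    {"Id": "1", "Model": "iLO 4", "FirmwareVersion": "iLO 4 v2.80"},
]


def assess_all(managers=SAMPLE_MANAGERS):
    """Assess a list of Manager resources; in production build the list from fetch_manager() per host."""
    return [assess_manager(m) for m in managers]


if __name__ == "__main__":
    for r in assess_all():
        state = {True: "VULNERABLE", False: "fixed", None: "not iLO 5"}[r["vulnerable"]]
        print(f"{r['firmware']:<14} {state}")
```

In production, replace SAMPLE_MANAGERS with the result of fetch_manager() for each iLO address in the inventory, run from a host on the management network, and treat a None result as "verify manually" rather than "safe".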
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: hpe
- Date Reserved: 2022-04-04T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68360472182aa0cae21ef75e
Added to database: 5/27/2025, 6:29:06 PM
Last enriched: 7/6/2025, 2:26:36 AM
Last updated: 8/14/2025, 11:30:06 PM