
CVE-2022-28638: isolated local disclosure of information; potential isolated local arbitrary code execution in HPE Integrated Lights-Out 5 (iLO 5)

High
Published: Tue Sep 20 2022 (09/20/2022, 20:04:47 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: HPE Integrated Lights-Out 5 (iLO 5)

Description

An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.

AI-Powered Analysis

Last updated: 07/08/2025, 03:25:45 UTC

Technical Analysis

CVE-2022-28638 is a high-severity vulnerability in Hewlett Packard Enterprise's Integrated Lights-Out 5 (iLO 5) management firmware, affecting versions prior to 2.72. iLO 5 is HPE's proprietary embedded server management controller: it provides out-of-band management, letting administrators remotely monitor, control and manage HPE servers independently of the host operating system.

The vulnerability is an isolated local information disclosure with potential arbitrary code execution. "Isolated local" indicates that exploitation requires local access to the iLO interface, typically through authenticated or privileged access, but no user interaction. An attacker with such access could disclose sensitive information, such as credentials or configuration data, and potentially execute arbitrary code within the isolated iLO environment. This could compromise the confidentiality, integrity and availability of the management interface and potentially of the underlying server hardware.

The CVSS v3.1 base score is 7.8 (High), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high impact to confidentiality, integrity and availability. The weakness is categorized under CWE-200 (Information Exposure), highlighting the risk of sensitive data leakage. Hewlett Packard Enterprise has released firmware version 2.72 to address these issues. No exploits are currently reported in the wild, but given the critical role of iLO in server management, successful exploitation could allow attackers to manipulate server operations, disrupt services, or gain persistent footholds in enterprise environments, so the severity and nature of the vulnerability warrant prompt remediation.

Potential Impact

For European organizations, the impact of CVE-2022-28638 can be significant, especially for enterprises relying on HPE servers with iLO 5 for critical infrastructure management. Successful exploitation could lead to unauthorized disclosure of sensitive management credentials and configuration data, enabling attackers to gain deeper access to server hardware and potentially the hosted workloads. This could result in data breaches, service disruptions, or sabotage of IT infrastructure. The integrity of server management operations could be compromised, leading to unauthorized changes in server configurations or firmware, which may cause downtime or degraded performance. Availability could also be affected if attackers leverage arbitrary code execution to disrupt management functions or server operations. Given the widespread use of HPE servers in European data centers, government agencies, financial institutions, and large enterprises, the vulnerability poses a risk to critical infrastructure and sensitive data protection obligations under regulations such as GDPR. The local access requirement somewhat limits remote exploitation but does not eliminate risk, as attackers with insider access or who have compromised internal networks could leverage this vulnerability to escalate privileges and move laterally within networks.

Mitigation Recommendations

European organizations should prioritize updating HPE iLO 5 firmware to version 2.72 or later, as provided by Hewlett Packard Enterprise, to remediate this vulnerability. Beyond patching:

- Implement strict access controls for iLO interfaces, including network segmentation that isolates management networks from general user and internet-facing networks.
- Enforce multi-factor authentication (MFA) for all iLO access to reduce the risk of credential compromise.
- Regularly audit and monitor iLO access logs for unusual activity indicative of exploitation attempts.
- Disable unused management interfaces or features within iLO to reduce the attack surface.
- Apply network-level protections such as firewall rules that restrict access to iLO management ports to authorized administrators only.
- Conduct internal security awareness training to mitigate insider threats, and ensure that privileged credentials are managed securely.
- Integrate iLO firmware updates into routine patch management and vulnerability assessment processes to maintain an ongoing security posture.


Technical Details

Data Version: 5.1
Assigner Short Name: hpe
Date Reserved: 2022-04-04T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683864b2182aa0cae27f9cc6

Added to database: 5/29/2025, 1:44:18 PM

Last enriched: 7/8/2025, 3:25:45 AM

Last updated: 8/15/2025, 7:47:25 AM

