CVE-2022-28639: remote potential adjacent denial of service (DoS); potential adjacent arbitrary code execution in HPE Integrated Lights-Out 5 (iLO 5)
A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.
AI Analysis
Technical Summary
CVE-2022-28639 is a high-severity vulnerability in Hewlett Packard Enterprise's Integrated Lights-Out 5 (iLO 5) management firmware. HPE's advisory names version 2.71 as affected and states that updated firmware resolves the issue; 2.72 and later should be treated as the fixed line. iLO 5 is the embedded baseboard management controller in HPE ProLiant Gen10 and Gen10 Plus servers: it runs on its own processor with its own network interface and provides power control, hardware monitoring, virtual media and remote console access independently of the host operating system, including while the host is powered off. An attacker positioned on the same network segment as the iLO interface (CVSS attack vector: adjacent) could cause a denial of service of the management processor or potentially execute arbitrary code on it. The CVSS 3.1 base score of 8.8 (High, not Critical) combines high confidentiality, integrity and availability impact with low attack complexity, no required privileges and no user interaction; the vector consistent with those metrics and that score is AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The CWE mapping is CWE-400 (Uncontrolled Resource Consumption). HPE's advisory does not name the affected service or protocol, and the CWE class by itself does not explain the code-execution outcome, so defenders should assume the trigger is unauthenticated traffic reaching the iLO network port rather than a specific request this page identifies. Successful exploitation could disrupt server management, allow hardware to be manipulated remotely or give the attacker control of the management processor, from which the host can be reset, booted from attacker-supplied virtual media or observed through the remote console. No public exploit had been reported in the wild as of the publication date.
Potential Impact
For European organizations, this vulnerability poses a significant risk to data center and server infrastructure. Many enterprises, cloud providers and government agencies in Europe run HPE ProLiant servers managed through iLO 5. Exploitation could lead to loss of confidentiality through unauthorized access to the management interface, integrity violations by altering server configuration or firmware, and availability disruption through denial of service of the management processor or of the host it controls. This affects business continuity, data protection obligations (e.g., GDPR) and operational reliability. Because iLO operates below the host operating system and persists across host reboots, code running on the management processor can power-cycle the host, boot it from attacker-controlled virtual media or watch its console, so a compromised iLO is a foothold that host-level controls cannot see and a natural pivot into the rest of the environment. Given the sensitivity of the workloads on managed servers in finance, healthcare and public administration, the threat could have cascading effects on critical infrastructure and services.
Mitigation Recommendations
European organizations should verify the firmware version on every iLO 5 (the iLO web UI overview page, the Redfish resource /redfish/v1/Managers/1 whose FirmwareVersion property reads like "iLO 5 v2.71", or an HPE OneView or iLO Amplifier inventory) and upgrade to 2.72 or later. Because the attack vector is adjacent, the controlling mitigation is placement: keep iLO on a dedicated management VLAN, preferably on the iLO dedicated NIC rather than the shared host NIC, reachable only from bastion or administrative networks, so that no untrusted host shares a broadcast domain with it. Reduce the attack surface further with the iLO 5 Security Dashboard recommendations: disable IPMI/DCMI over LAN, SNMP and any other unused service, enforce strong authentication (directory integration and multi-factor authentication where supported) and allow-list administrator source addresses at the management firewall. Monitor traffic to the iLO service ports, which for iLO 5 are 443 (HTTPS and Redfish), 22 (SSH), 623/UDP (IPMI over LAN, if enabled), 17988 (virtual media) and 17990 (remote console); any connection from outside the administrative networks, and any burst of traffic followed by the iLO becoming unresponsive, is worth investigating. Finally, make iLO firmware part of routine patch management and include management interfaces in regular vulnerability scanning and penetration testing so residual exposure is found before an adjacent attacker finds it.
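The following is an added example, not HPE's code or part of the original advisory, showing how the version check above can be automated across a fleet. It reads each iLO's Redfish Manager resource and flags iLO 5 units below the 2.72 fix level that the analysis on this page names. It assumes the standard iLO 5 Redfish path /redfish/v1/Managers/1 and a FirmwareVersion string of the form "iLO 5 v2.71"; the hostnames, credentials and the sample Redfish documents are constructed placeholders.

```python
"""Inventory iLO 5 firmware versions via Redfish and flag units below the
2.72 fix level for CVE-2022-28639.

Added example, not HPE's code. Assumes the iLO 5 Redfish Manager resource
/redfish/v1/Managers/1 and a FirmwareVersion string like "iLO 5 v2.71".
"""
import base64
import json
import re
import ssl
import urllib.request

FIXED_VERSION = (2, 72)            # first iLO 5 release with the fix, per the page
MANAGER_PATH = "/redfish/v1/Managers/1"

# Matches "iLO 5 v2.71" but not iLO 4 / iLO 6 strings, which need their own check.
_VERSION_RE = re.compile(r"iLO\s*5\s*v?(\d+)\.(\d+)", re.IGNORECASE)


def parse_ilo5_version(firmware_version: str):
    """Return (major, minor) for an iLO 5 version string, or None otherwise."""
    m = _VERSION_RE.search(firmware_version or "")
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def is_affected(firmware_version: str) -> bool:
    """True when the string denotes iLO 5 below 2.72.

    Tuple comparison handles minor numbers correctly (2.10 < 2.72), which a
    float comparison of "2.10" would also get right but "2.7" vs "2.70" would not.
    """
    v = parse_ilo5_version(firmware_version)
    return v is not None and v < FIXED_VERSION


def classify_manager(manager_json: dict) -> dict:
    """Summarise one Redfish Manager document as model, firmware and verdict."""
    fw = manager_json.get("FirmwareVersion", "")
    return {"model": manager_json.get("Model", ""),
            "firmware": fw,
            "affected": is_affected(fw)}


def fetch_manager(host: str, user: str, password: str, verify_tls: bool = True) -> dict:
    """GET the Manager resource with HTTP Basic authentication (accepted by iLO Redfish)."""
    ctx = ssl.create_default_context()
    if not verify_tls:                      # only for lab iLOs still on self-signed certs
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{host}{MANAGER_PATH}",
        headers={"Authorization": f"Basic {token}", "Accept": "application/json"})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


def inventory(hosts, user, password, fetch=fetch_manager):
    """Check every host; an unreachable iLO is recorded as a finding, not skipped,
    because an iLO that does not answer is exactly the one you cannot vouch for."""
    findings = []
    for host in hosts:
        try:
            findings.append({"host": host, **classify_manager(fetch(host, user, password))})
        except Exception as exc:            # one bad iLO must not abort the sweep
            findings.append({"host": host, "error": str(exc), "affected": None})
    return findings


# Constructed sample documents standing in for live Redfish responses (hypothetical hosts).
SAMPLE_MANAGERS = {
    "ilo-a.mgmt.example": {"Model": "iLO 5", "FirmwareVersion": "iLO 5 v2.71"},
    "ilo-b.mgmt.example": {"Model": "iLO 5", "FirmwareVersion": "iLO 5 v2.72"},
    "ilo-c.mgmt.example": {"Model": "iLO 4", "FirmwareVersion": "iLO 4 v2.80"},
}


def _sample_fetch(host, user, password):
    """Offline stand-in for fetch_manager that serves the constructed documents."""
    return SAMPLE_MANAGERS[host]


if __name__ == "__main__":
    # Replace _sample_fetch with the default fetch_manager to query real iLOs.
    for finding in inventory(SAMPLE_MANAGERS, "admin", "placeholder", fetch=_sample_fetch):
        print(finding)
```

Run it against the real fleet by passing your host list and omitting the `fetch=` argument; the non-iLO 5 entry is deliberately reported as not affected by this CVE rather than silently dropped, so that iLO 4 and iLO 6 units show up in the output and can be matched against their own advisories.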
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: hpe
- Date Reserved: 2022-04-04T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 683864b2182aa0cae27f9cc8
Added to database: 5/29/2025, 1:44:18 PM
Last enriched: 7/8/2025, 3:25:57 AM
Last updated: 2/4/2026, 8:08:27 AM