CVE-2022-28639: remote potential adjacent denial of service (DoS); potential adjacent arbitrary code execution in HPE Integrated Lights-Out 5 (iLO 5)
A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in version 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.
AI Analysis
Technical Summary
CVE-2022-28639 is a high-severity vulnerability in Hewlett Packard Enterprise's Integrated Lights-Out 5 (iLO 5) management firmware, affecting versions prior to 2.72. iLO 5 is HPE's embedded, out-of-band server management processor; it provides power control, hardware monitoring, and remote console access for HPE servers independently of the host operating system. The flaw allows an attacker with adjacent network access to cause a denial of service (DoS) or potentially execute arbitrary code on the iLO 5 management processor.
The CVSS 3.1 base score of 8.8 (High) reflects high impact on confidentiality, integrity, and availability, combined with low attack complexity and no required privileges or user interaction. The attack vector is Adjacent Network: the attacker must be on the same local network segment as, or otherwise have layer-2 adjacency to, the iLO interface. The vulnerability is classified under CWE-400 (uncontrolled resource consumption), which suggests that crafted network traffic could exhaust resources on the management processor; the code-execution outcome may involve memory corruption, but the vendor advisory gives no technical details of the trigger.
Successful exploitation could let an attacker disrupt server management functions, manipulate server hardware remotely, or take unauthorized control of the management processor, potentially leading to full compromise of the managed server. Hewlett Packard Enterprise has released firmware version 2.72 and later to address these issues; no public exploits had been reported in the wild as of the publication date.
Potential Impact
For European organizations, this vulnerability poses a significant risk to data center and server infrastructure security. Many enterprises, cloud providers, and government agencies in Europe rely on HPE servers with iLO 5 for critical operations. Exploitation could lead to loss of confidentiality through unauthorized access to management interfaces, integrity violations by altering server configurations or firmware, and availability disruptions via denial of service. This could impact business continuity, data protection compliance (e.g., GDPR), and operational reliability. The ability to execute arbitrary code remotely on management processors could also facilitate lateral movement within networks, increasing the risk of broader compromise. Given the sensitive nature of managed servers in sectors such as finance, healthcare, and public administration, the threat could have cascading effects on critical infrastructure and services.
Mitigation Recommendations
European organizations should immediately verify the firmware version of all HPE iLO 5 interfaces and upgrade to version 2.72 or later where applicable. Network segmentation should be enforced to restrict access to iLO management interfaces strictly to trusted administrative networks, minimizing exposure to adjacent network attackers. Implementing strict access controls, including multi-factor authentication and IP whitelisting for iLO interfaces, can reduce the attack surface. Monitoring network traffic for anomalous patterns targeting iLO ports (typically 443 for HTTPS management) can help detect exploitation attempts. Additionally, organizations should review and harden server management policies, disable unused management interfaces, and ensure that firmware updates are part of routine patch management processes. Regular vulnerability scanning and penetration testing focused on management interfaces can proactively identify residual risks.
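The first step recommended above is an inventory check: find every iLO 5 and confirm it runs 2.72 or later. The script below is an added example written for this page, not HPE tooling or code from the advisory. It assumes that iLO 5 exposes a Redfish Manager resource at /redfish/v1/Managers/1 and that the resource's "FirmwareVersion" string has the form "iLO 5 v2.71"; both the path and the format are assumptions, and the JSON responses in main() are constructed for the demonstration. The comparison uses 2.72, the fixed release named on this page, as the only boundary.

```python
"""Firmware-version check supporting the CVE-2022-28639 mitigation advice.

Added example, not code from HPE or from this advisory. Assumptions:
  * iLO 5 serves a Redfish Manager resource at /redfish/v1/Managers/1 (assumed path)
  * that resource's "FirmwareVersion" string looks like "iLO 5 v2.71" (assumed format)
  * the advisory's fixed release, 2.72, is the only version boundary that matters
The sample JSON documents in main() are constructed for this demonstration.
"""
import base64
import json
import re
import urllib.request
from typing import Optional, Tuple

FIXED_VERSION: Tuple[int, int] = (2, 72)   # first release that addresses CVE-2022-28639
MANAGER_PATH = "/redfish/v1/Managers/1"    # assumed iLO 5 Redfish manager path

# Accepts "iLO 5 v2.71" as well as a bare "2.71" (format assumed, see above).
_VERSION_RE = re.compile(r"(?:iLO\s*5\s*v)?(\d+)\.(\d+)\b", re.IGNORECASE)


def parse_ilo5_version(firmware_version: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from an iLO 5 FirmwareVersion string, or None."""
    m = _VERSION_RE.search(firmware_version or "")
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2))


def is_affected(firmware_version: str) -> Optional[bool]:
    """True when the firmware predates 2.72, False when it is 2.72 or later,
    None when the string cannot be parsed (treat None as 'needs manual check')."""
    version = parse_ilo5_version(firmware_version)
    if version is None:
        return None
    return version < FIXED_VERSION   # tuple comparison: (2, 9) < (2, 72) is True


def assess_manager(body: str) -> dict:
    """Classify one Redfish Manager JSON document.
    'affected' is True/False for an iLO 5, None for anything we cannot judge."""
    doc = json.loads(body)
    model = str(doc.get("Model", ""))
    firmware = str(doc.get("FirmwareVersion", ""))
    if "iLO 5" not in model:
        # iLO 4 / iLO 6 and non-HPE managers are out of scope for this CVE.
        return {"model": model, "firmware": firmware, "affected": None,
                "verdict": "not an iLO 5; out of scope"}
    affected = is_affected(firmware)
    if affected is None:
        verdict = "unrecognised FirmwareVersion; check manually"
    elif affected:
        verdict = "below 2.72; upgrade firmware"
    else:
        verdict = "2.72 or later; fixed"
    return {"model": model, "firmware": firmware, "affected": affected, "verdict": verdict}


def fetch_manager(host: str, user: str, password: str, timeout: float = 10.0) -> str:
    """Fetch the manager resource over HTTPS with HTTP Basic auth.
    Certificate verification is left at urllib's default: trust the iLO's CA
    rather than disabling verification. Not called in the offline demo below."""
    url = f"https://{host}{MANAGER_PATH}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}",
                                               "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def main() -> None:
    # Constructed sample responses, one per host, standing in for fetch_manager().
    samples = {
        "ilo-a.example": '{"Model": "iLO 5", "FirmwareVersion": "iLO 5 v2.71"}',
        "ilo-b.example": '{"Model": "iLO 5", "FirmwareVersion": "iLO 5 v2.72"}',
        "ilo-c.example": '{"Model": "iLO 5", "FirmwareVersion": "iLO 5 v3.01"}',
        "ilo-d.example": '{"Model": "iLO 6", "FirmwareVersion": "iLO 6 v1.05"}',
    }
    for host, body in samples.items():
        result = assess_manager(body)
        print(f"{host:16} {result['firmware']:14} -> {result['verdict']}")


if __name__ == "__main__":
    main()
```

Unparseable version strings deliberately come back as None rather than False so that a malformed or unexpected response is surfaced for manual review instead of being silently counted as patched; in a fleet sweep, feed fetch_manager() output into assess_manager() per host and escalate every result whose 'affected' is not False.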
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: hpe
- Date Reserved: 2022-04-04T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 683864b2182aa0cae27f9cc8
Added to database: 5/29/2025, 1:44:18 PM
Last enriched: 7/8/2025, 3:25:57 AM
Last updated: 8/17/2025, 1:04:06 AM
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)