Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3467.2
HPE Integrated Lights-Out 4 (iLO 4) - multiple vulnerabilities
4 November 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: HPE iLO 4
Publisher: Hewlett-Packard
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-11914 CVE-2020-11912 CVE-2020-11911
CVE-2020-11907 CVE-2020-11906 CVE-2020-11900
CVE-2020-11898 CVE-2020-11896
Reference: ESB-2020.3270
ESB-2020.2411.2
Original Bulletin:
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04021en_us
Revision History: November 4 2020: Vendor added Moonshot iLO Chassis Manager to impacted list
October 8 2020: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
SECURITY BULLETIN
Document ID: hpesbhf04021en_us
Version: 2
HPESBHF04021 rev.2 - HPE Integrated Lights-Out 4 (iLO 4) for Moonshot and
Edgeline Cartridges and Blades, and Moonshot iLO Chassis Manager firmware
Ripple20 Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon
as possible.
Release Date: 2020-10-06
Last Updated: 2020-11-02
Potential Security Impact: Remote: Code Execution, Denial of Service (DoS),
Disclosure of Sensitive Information, Multiple Vulnerabilities
Source: Hewlett Packard Enterprise, HPE Product Security Response Team
VULNERABILITY SUMMARY
Multiple security vulnerabilities have been identified in Integrated Lights-Out
4 (iLO 4) firmware for Moonshot and Edgeline cartridges and blades, and Moonshot
iLO Chassis Manager firmware. The vulnerabilities could be remotely exploited to
execute code, cause denial of service, and expose sensitive information. HPE has
released updated firmware to mitigate these vulnerabilities.
Note: These vulnerabilities are collectively named Ripple20. iLO 4 firmware for
Moonshot and Edgeline cartridges and blades, and Moonshot iLO Chassis Manager
firmware is only exposed to a portion of the Ripple20 vulnerabilities. HPE has
modified the reported Ripple20 CVSS scores and vectors to reflect product
engineering's vulnerability assessment.
References:
CVE-2020-11896
CVE-2020-11898
CVE-2020-11900
CVE-2020-11906
CVE-2020-11907
CVE-2020-11911
CVE-2020-11912
CVE-2020-11914
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPE ProLiant m510 Server Cartridge -Prior to iLO 4 2.60 for Moonshot
HPE ProLiant m710x Server Blade -Prior to iLO 4 2.60 for Moonshot
HPE ProLiant m710x-L Server Blade -Prior to iLO 4 2.60 for Moonshot
HPE Moonshot Chassis Management Firmware - Prior to Moonshot iLO Chassis Manager 1.62
BACKGROUND
HPE calculates CVSS using CVSS Version 3.1. If the score is provided from NIST,
we will display Version 2.0, 3.0, or 3.1 as provided from NVD.
Reference
V3 Vector, V3 Base Score
V2 Vector, V2 Base Score
CVE-2020-11896
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 8.2
(AV:N/AC:L/Au:N/C:N/I:P/A:C) 8.5
CVE-2020-11898
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.5
(AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8
CVE-2020-11900
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2020-11906
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 6.4
(AV:A/AC:H/Au:N/C:P/I:P/A:C) 5.8
CVE-2020-11907
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 5.9
(AV:A/AC:H/Au:N/C:N/I:P/A:C) 5.3
CVE-2020-11911
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 3.7
(AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6
CVE-2020-11912
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 3.7
(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6
CVE-2020-11914
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 3.1
(AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8
Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002
HPE would like to thank JSOF security researchers Shlomi Oberman and Moshe Kol
for reporting these vulnerabilities to CERT. HPE would like to thank CERT for
reporting these vulnerabilities to security-alert@hpe.com.
RESOLUTION
HPE has released a firmware update and mitigation information to resolve the
vulnerabilities in Integrated Lights-Out 4 (iLO 4) for ProLiant Moonshot and
Edgeline cartridges and blades, and Moonshot iLO Chassis Manager.
Please visit the HPE Support Center [https://support.hpe.com/hpesc/public/home]
to download the latest firmware:
- - HPE Integrated Lights-Out 4 (iLO 4) firmware v2.60 or later for Moonshot and
Edgeline cartridges and blades.
- - HPE Moonshot iLO Chassis Manager firmware v1.62 or later.
HISTORY
Version:1 (rev.1) - 6 October 2020 Initial release
Version:2 (rev.2) - 2 November 2020 Added Moonshot iLO Chassis Manager
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX6HHvONLKJtyKPYoAQjP1A/7BgM775+chIzdTyXyFhywJo+6lk9KCvAl
cRMZQrJ2DQQHNO+wR8j+3LLSeYe0YCOt8QjAhI7cPR7Tytpa64JabRHwlM2kAugI
r/H/ISEYwSE9iauq7oV9ylgS682LZyq/51ZKOPx0DRx/jJgKtzFM+rGJD94gZl+G
vCYyAwK02naMjo4DLxY0eBCEpGHpy5rBxN6L3sESAjVuSOvfs6VHfsS/ndrOX4Aq
vOXsOOvIwhy9Rb52kJMyi/AwDWHNEyUyjJBJGxVnH9vkANS0MKONEQd1dXxwjBxx
zaZaMMfH4uj1+ie7xZYo2XHLKZglfohJ9jWICw0Y0uUenLrE3zqnM9R7U287fLD/
Re6tju2df50XVX0k9eqPEXA1OaBqOGYZhYDlLOze1629pMlp0DnxEVgfOKjYZNgE
NiWxq3fITVJCPMOSZBpV96sgH/DJa6kcsEXpQoFDszn08grFkjpwOJ3kdvjIVCCI
zd1VCwR4MQUQOq9Zff+huSUiHsAbS+/g5PTN6e5u3nOimH6Hyybbw75Oux/qZjIy
fAMTSG3ksF3OZ2yFPsS6MyndZ6LexLw8+quY+AgtoI783h1GPMtG1e6xdpTQSnNI
i8jZ2Vy0DUlk+Ev/wPY0MDVjfvF4v6/E9WAGEGFGC2wEMoLutZKsSpTF6CZrSsRZ
MU/n53ULQpE=
=mdGn
-----END PGP SIGNATURE-----