Info
A remote, unauthenticated directory traversal vulnerability has been identified in iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be exploited remotely to allow an unauthenticated user to run arbitrary code, resulting in complete compromise of the confidentiality, integrity, and availability of the iLO Amplifier Pack.
Note: iLO Amplifier manages one (or more) iLOs on remote systems. Out of an abundance of caution HPE recommends that the passwords for the managed iLOs be changed once the update to iLO Amplifier is applied.
For additional information, refer to the HPE Security Bulletin.
Scope
Any HPE system running iLO Amplifier Pack 1.80, 1.81, 1.90 or 1.95.
This has not been observed on iLO Amplifier Pack 1.60, 1.70 or 1.71.
Resolution
To resolve this issue, perform a new installation of iLO Amplifier Pack.
IMPORTANT: A binary in-place update to iLO Amplifier Pack 2.00 is not available; instead, a new installation of iLO Amplifier Pack 2.00 is available. This applies to version 1.95 (or earlier): a new installation of iLO Amplifier Pack 2.00 (or later) must be performed instead of an update.
The iLO Amplifier backup and restore is described in the iLO Amplifier Pack User Guide in the "Configuring the iLO Amplifier Pack appliance" chapter under the section "Backup and Restore."
Note: The iLO Amplifier Pack does not back up the SPP baselines. This must be performed manually as noted in the user guide. The iLO Amplifier Pack User Guide describes how to create a configuration baseline and how to import it.