Network-level isolation should be put in place to ensure that iLO systems can only be accessed from dedicated administration VLANs.” Recently, Hewlett Packard Enterprise (HPE) rolled out the latest firmware update to its Integrated Lights-Out Management (iLO) 4, version 2.70.While the firmware update adds several enhancements, the one generating the most buzz is HTML5 support for Remote Console. Upon compromise, wiping and reinstalling the host OS isn’t enough, the paper said. At that point, the hardware should be considered untrusted as well. The research has recently come to light because that the team has been presenting their findings this summer. A vulnerability in HPE iLO 4 servers can be exploited by typing the A key 29 times.Ī video of one of the presentations in French can be found at the SSTIC website. ![]() HPE iLO 4 server users should patch their systems to avoid this vulnerability, which affects firmware versions 2.53 and earlier.
0 Comments
Leave a Reply. |