Comments (7)
robert-scheck
commented on July 19, 2024
2
After reminding HPE PSRT, the HPE Product Security Response Team case PSRT111155 was today opened for this issue and assigned to the iLO 4 product engineering team.
from ilo4_toolbox.
alexgzt
commented on July 19, 2024
Hi Robert,
Indeed I've been able to reproduce your findings here as well. As far as I remember we did not encountered this endpoint. My opinion would be to report it to HPE PSRT just to make sure they are aware of this one as well (and possibly get more insight if a remediation is possible).
Checking into the code, this upnp/BasicDevice.xml endpoint is handled by the webserver. I have not been able either to find a configuration option to disable it.
Still, the "Level of Data Returned" option from "Administration" => "Management" => "Insight Management Integration", is useful to prevent the information leak from the http://…/xmldata?item=all endpoint when set to "Disabled (No Response to Request)".
alex.
from ilo4_toolbox.
robert-scheck
commented on July 19, 2024
Thank you very much for following up this. I've reported my findings on Mon, 6 Aug 2018 22:59:47 +0200 to HPE PSRT.
from ilo4_toolbox.
robert-scheck
commented on July 19, 2024
As per iLO4 2.73, this information leak still exists and the HPE PSRT never came up with any real reply regarding my report. Note that I can't treat a "I will engage the teams ASAP" but never being followed up as a something serious. Not sure if HPE is interested in (product) security. Nevertheless I tried to warm up the old e-mail tread with HPE PSRT.
from ilo4_toolbox.
alexgzt
commented on July 19, 2024
Thank you for your determination and perseverance on this issue Robert.
from ilo4_toolbox.
robert-scheck
commented on July 19, 2024
Today, HPE PSRT let me know that they are pleased to report that HPE Security Bulletin HPESBHF04069 rev. 1 has been published and is available at https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04069en_us
The iLO information disclosure vulnerability that I reported has been assigned CVE-2020-7202, HPE PSRT will request at MITRE that above HPE Security Bulletin gets linked with the CVE.
In general, affected/vulnerable are the following iLO versions:
- HPE Integrated Lights-Out 5 (iLO 5) - Prior to v2.31
- HPE Integrated Lights-Out 4 (iLO 4) - Prior to v2.76
from ilo4_toolbox.
0xf4b
commented on July 19, 2024
\o/
Congratulations for finally getting it fixed, Robert!
from ilo4_toolbox.
Related Issues (20)
- dissection.rb fails on ilo4_101.bin HOT 4
- Add support for iLO moonshot HOT 3
- iLO 4 < 2.00 lacks of rest api
- Offsets in libc.so HOT 9
- Fan Speed Mod HOT 1
- Methods to recover broken firmware HOT 1
- Error in inserting backdoor in HPE ILO V 2.40 HOT 1
- insert_backdoor.sh did not work properly HOT 8
- linux_backdoor.S is missing HOT 1
- RSA key format is not supported HOT 2
- ILO crashed when 3G to 4G memory holes are read HOT 1
- how to recover symbols HOT 1
- MAC tag is not valid HOT 1
- exploit_get_users.py missing ?
- Cannot Flash Backdoored Firmware HOT 1
- Flash checksum for iLO4 2.60 missing HOT 1
- exploit_check_flash.py does not work with firmware versions other than 2.50 HOT 4
- dissection.rb fails on ilo5_135.bin HOT 3
- Error in patch_webserver_250.py when insert backdoor! HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ilo4_toolbox.