CVE-2019-11983 Details

CVE-2019-11983

Published: 2019-06-05
Last Modified: 2019-06-07
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

Analysis
Common Vulnerability Score System v2.0
Severity High
Base Score 8.3/10
Exploit Score 8.6/10
Access Vector Network
Access Complexity Medium
Authentication None
Impact Score 8.5/10
Confidentiality Impact Partial
Availability Impact Complete
Integrity Impact Partial
Vector String AV:N/AC:M/Au:N/C:P/I:P/A:C
Common Vulnerability Score System v3.1
Severity High
Base Score 7/10
Exploit Score 2.2/10
Access Vector Network
Access Complexity High
Privileges Required None
Impact Score 4.7/10
Confidentiality Impact Low
Availability Impact High
Integrity Impact Low
Scope Unchanged
User Interaction None
Vector String CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:o:hp:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:proliant_bl460c_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl120_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl160_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl180_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl20_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl325_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl360_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl380_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl385_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl560_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl580_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_microserver_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_ml110_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_ml350_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_xl170r_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_xl190r_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_xl230k_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_xl450_gen10:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:integrated_lights-out_4_firmware:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:proliant_bl460c_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl120_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl180_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl360_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl380_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_dl580_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_ml10_gen9:2:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_ml110_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_ml150_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_ml30_gen9:2:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_ml350_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_ws460c_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_xl170r_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_xl190r_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_xl230a_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_xl250a_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_xl730f_gen9:*:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_xl740f_gen9:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:proliant_xl750f_gen9:-:*:*:*:*:*:*:* No - -
References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03917en_us

CVE ID
CVE-2019-11983
Published
2019-06-05
Modified
2019-06-07
CVSSv2.0
High
CVSSv3.1
High
PCI Compliance
Fail
US-CERT Alert
No
CWE
CWE-119

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.