CVE-2022-23704

7.5 HIGH

📋 TL;DR

A remote denial-of-service vulnerability in HPE Integrated Lights-Out 4 (iLO 4) management controllers could allow attackers to crash or disrupt the iLO service, preventing administrators from managing affected servers. This affects all iLO 4 systems running versions before 2.80. Server administrators and organizations using HPE servers with iLO 4 are impacted.

💻 Affected Systems

Products:
  • HPE Integrated Lights-Out 4 (iLO 4)
Versions: All versions before 2.80
Operating Systems: Not applicable - iLO is firmware-based
Default Config Vulnerable: ⚠️ Yes
Notes: All iLO 4 configurations are vulnerable if running affected firmware versions. The vulnerability is in the iLO firmware itself, not dependent on host OS.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete loss of remote server management capabilities, requiring physical access to reboot or restore iLO functionality, potentially disrupting server operations.

🟠

Likely Case

Temporary disruption of iLO management interface, preventing remote administration until iLO service is restarted.

🟢

If Mitigated

Minimal impact with proper network segmentation and access controls limiting exposure to trusted management networks only.

🌐 Internet-Facing: HIGH - iLO interfaces exposed to the internet could be easily targeted for DoS attacks.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this vulnerability to disrupt management capabilities.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability description suggests remote exploitation without authentication. Specific exploit details are not publicly documented in the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.80 and later

Vendor Advisory: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04240en_us

Restart Required: Yes

Instructions:

1. Download iLO 4 firmware version 2.80 or later from HPE Support.
2. Upload the firmware via the iLO web interface or HPE OneView.
3. Apply the firmware update.
4. Reboot the iLO controller when prompted.

🔧 Temporary Workarounds

Network Segmentation (applies to: all affected versions)

Restrict access to iLO management interfaces to trusted management networks only.

Access Control Lists (applies to: all affected versions)

Implement firewall rules to limit iLO access to authorized IP addresses only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate iLO interfaces from untrusted networks
  • Monitor iLO interfaces for unusual traffic patterns or connection attempts

🔍 How to Verify

Check if Vulnerable:

Check iLO firmware version via web interface (System Information > Firmware) or SSH (show /map1/firmware1)

Check Version:

ssh <iLO_IP> 'show /map1/firmware1' | grep Version

Verify Fix Applied:

Confirm firmware version is 2.80 or higher in iLO web interface or via SSH command
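The version check above done in code, as an added example that is not part of the advisory or any HPE tooling: it pulls the firmware version out of either the SSH `show /map1/firmware1` output or the Redfish `FirmwareVersion` string and compares it numerically against 2.80 (a plain string comparison would misorder versions such as 2.9 and 2.80). Both sample outputs are constructed, and their exact layout is an assumption; only the `version=` property and the `vN.NN` token are relied on.

```python
import re

# CVE-2022-23704 is fixed in iLO 4 firmware 2.80 and later (from the advisory).
FIXED_VERSION = (2, 80)

# Constructed sample of `show /map1/firmware1` output over iLO SSH (SMASH CLP).
# The surrounding layout is an assumption; only the "version=" line is parsed.
SAMPLE_CLP_OUTPUT = """\
/map1/firmware1
  Targets
  Properties
    version=2.73
    date=Feb 11 2020
    name=iLO 4
  Verbs
    cd version exit show
"""

# Constructed sample of the Redfish FirmwareVersion string (/redfish/v1/Managers/1).
SAMPLE_REDFISH_VERSION = "iLO 4 v2.80"


def parse_version(text):
    """Return the firmware version as an (major, minor) integer tuple.

    Accepts either the CLP "version=2.73" property or a Redfish-style "v2.80"
    token. Integers are used so that (2, 80) > (2, 9), which "2.80" > "2.9"
    as strings would get wrong.
    """
    m = re.search(r"(?:version=|\bv)(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no iLO firmware version found in input")
    return int(m.group(1)), int(m.group(2))


def is_vulnerable(version):
    """True when the firmware predates the fixed release."""
    return version < FIXED_VERSION


def check(text):
    """Parse one command/API output and report version plus vulnerability status."""
    major, minor = parse_version(text)
    return {"version": f"{major}.{minor}", "vulnerable": is_vulnerable((major, minor))}


if __name__ == "__main__":
    for label, sample in (("ssh", SAMPLE_CLP_OUTPUT), ("redfish", SAMPLE_REDFISH_VERSION)):
        r = check(sample)
        print(f"{label}: iLO 4 {r['version']} -> {'VULNERABLE' if r['vulnerable'] else 'fixed'}")
```

Feed it the real output of `ssh <iLO_IP> 'show /map1/firmware1'` or the Redfish `FirmwareVersion` field instead of the constructed samples.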

📡 Detection & Monitoring

Log Indicators:

  • iLO service crashes or restarts
  • Failed authentication attempts to iLO interface
  • Unusual traffic patterns to iLO ports

Network Indicators:

  • High volume of requests to iLO management ports (typically 17990, 443)
  • Traffic from unexpected sources to iLO interfaces

SIEM Query:

source="iLO" AND (event_type="service_crash" OR event_type="authentication_failure")
