Resource exhaustion in HPE Integrated Lights-Out 5 (iLO 5), and HPE Integrated Lights-Out 6 (iLO 6)

1) Resource exhaustion

EUVDB-ID: #VU107585

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-30911

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote privileged user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

HPE ProLiant DL380a Gen11: before 1.53

HPE Alletra 4140: before 1.53

HPE Alletra 4120: before 1.53

HPE Alletra 4110: before 1.53

HPE Synergy 480 Gen11 Compute Module: before 1.53

HPE ProLiant ML30 Gen11: before 1.53

HPE ProLiant DL20 Gen11: before 1.53

HPE ProLiant DL110 Gen11: before 1.53

HPE ProLiant DL560 Gen11: before 1.53

HPE ProLiant ML110 Gen11: before 1.53

HPE ProLiant RL300 Gen11: before 1.53

HPE ProLiant DL325 Gen11 Server: before 1.53

HPE ProLiant DL345 Gen11 Server: before 1.53

HPE ProLiant DL385 Gen11 Server: before 1.53

HPE ProLiant DL365 Gen11 Server: before 1.53

HPE ProLiant DL320 Gen11 Server: before 1.53

HPE ProLiant ML350 Gen11 Server: before 1.53

HPE ProLiant DL360 Gen11 Server: before 1.53

HPE ProLiant DL380 Gen11 Server: before 1.53

HPE ProLiant m750 Server Blade: before 2.98

HPE Edgeline e920t Server Blade: before 2.98

HPE Edgeline e920d Server Blade: before 2.98

HPE Edgeline e920 Server Blade: before 2.98

HPE ProLiant e910t Server Blade: before 2.98

HPE ProLiant e910 Server Blade: before 2.98

HPE Synergy 480 Gen10 Plus Compute Module: before 2.98

HPE Synergy 480 Gen10 Compute Module: before 2.98

HPE Synergy 660 Gen10 Compute Module: before 2.98

HPE Apollo 2000 System: before 2.98

HPE Apollo 4200 Gen10 Server: before 2.98

HPE Apollo 4200 Gen10 Plus System: before 2.98

HPE Apollo 4510 Gen10 System: before 2.98

HPE Apollo 6500 Gen10 System: before 2.98

HPE Apollo 6500 Gen10 Plus System: before 2.98

HPE Apollo n2600 Gen10 Plus: before 2.98

HPE Apollo n2800 Gen10 Plus: before 2.98

HPE Apollo r2200 Gen10 12 LFF Configure-to-order Chassis: before 2.98

HPE Apollo r2600 Gen10 24 SFF Premium Configure-to-order Chassis: before 2.98

HPE Apollo r2800 Gen10 24 SFF Flexible Configure-to-order Chassis: before 2.98

HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.98

HPE ProLiant DL110 Gen10 Plus Telco server: before 2.98

HPE ProLiant MicroServer Gen10 Plus v2: before 2.98

HPE ProLiant MicroServer Gen10 Plus: before 2.98

HPE ProLiant XL170r Gen10 Server: before 2.98

HPE ProLiant XL190r Gen10 Server: before 2.98

HPE ProLiant XL220n Gen10 Plus Server: before 2.98

HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.98

HPE ProLiant XL230k Gen10 Server: before 2.98

HPE ProLiant XL2x260w Gen10 Server: before 2.98

HPE ProLiant XL270d Gen10 Server: before 2.98

HPE ProLiant XL290n Gen10 Plus Server: before 2.98

HPE ProLiant XL645d Gen10 Plus Server: before 2.98

HPE ProLiant XL675d Gen10 Plus Server: before 2.98

HPE ProLiant ML30 Gen10 Server: before 2.98

HPE ProLiant ML30 Gen10 Plus server: before 2.98

HPE ProLiant ML110 Gen10 Server: before 2.98

HPE ProLiant ML350 Gen10 Server: before 2.98

HPE ProLiant DL20 Gen10 Server: before 2.98

HPE ProLiant DL20 Gen10 Plus server: before 2.98

HPE ProLiant DL160 Gen10 Server: before 2.98

HPE ProLiant DL180 Gen10 Server: before 2.98

HPE ProLiant DL325 Gen10 Plus v2 server: before 2.98

HPE ProLiant DL325 Gen10 Plus server: before 2.98

HPE ProLiant DL345 Gen10 Plus server: before 2.98

HPE ProLiant DL360 Gen10 Server: before 2.98

HPE ProLiant DL360 Gen10 Plus server: before 2.98

HPE ProLiant DL365 Gen10 Plus server: before 2.98

HPE ProLiant DL380 Gen10 Plus server: before 2.98

HPE ProLiant DL380 Gen10 Server: before 2.98

HPE ProLiant DL385 Gen10 Server: before 2.98

HPE ProLiant DL385 Gen10 Plus v2 server: before 2.98

HPE ProLiant DL385 Gen10 Plus server: before 2.98

HPE ProLiant DL560 Gen10 Server: before 2.98

HPE ProLiant DL580 Gen10 Server: before 2.98

HPE ProLiant BL460c Gen10 Server Blade: before 2.98

HPE Integrated Lights-Out 5 (iLO 5): before 2.98

HPE Integrated Lights-Out 6 (iLO 6): before 1.53

CPE2.3

• cpe:2.3:h:hpe:hpe_proliant_dl380a_gen11:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_alletra_4140:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_alletra_4120:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_alletra_4110:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_synergy_480_gen11_compute_module:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_ml30_gen11:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl20_gen11:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl110_gen11:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl560_gen11:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_ml110_gen11:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_rl300_gen11:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl325_gen11_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl345_gen11_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl385_gen11_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl365_gen11_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl320_gen11_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_ml350_gen11_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl360_gen11_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl380_gen11_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_m750_server_blade:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_edgeline_e920t_server_blade:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_edgeline_e920d_server_blade:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_edgeline_e920_server_blade:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_e910t_server_blade:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_e910_server_blade:*:*:*:*:*:*:*:*
• cpe:2.3:a:hpe:hpe_synergy_480_gen10_plus_compute_module:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_synergy_480_gen10_compute_module:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_synergy_660_gen10_compute_module:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_apollo_2000_system:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_apollo_4200_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_apollo_4200_gen10_plus_system:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_apollo_4510_gen10_system:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_apollo_6500_gen10_system:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_apollo_6500_gen10_plus_system:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_apollo_n2600_gen10_plus:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_apollo_n2800_gen10_plus:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_apollo_r2200_gen10_12_lff_configure-to-order_chassis:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_apollo_r2600_gen10_24_sff_premium_configure-to-order_chassis:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_apollo_r2800_gen10_24_sff_flexible_configure-to-order_chassis:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_xl925g_gen10_plus_1u_4-node_configure-to-order_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl110_gen10_plus_telco_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_microserver_gen10_plus_v2:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_microserver_gen10_plus:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_xl170r_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_xl190r_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_xl220n_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_xl225n_gen10_plus_1u_node:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_xl230k_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_xl2x260w_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_xl270d_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_xl290n_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_xl645d_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_xl675d_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_ml30_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_ml30_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_ml110_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_ml350_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl20_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl20_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl160_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl180_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl325_gen10_plus_v2_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl325_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl345_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl360_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl360_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl365_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl380_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl380_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl385_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl385_gen10_plus_v2_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl385_gen10_plus_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl560_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_dl580_gen10_server:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_proliant_bl460c_gen10_server_blade:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_integrated_lights-out_5_ilo_5:*:*:*:*:*:*:*:*
• cpe:2.3:h:hpe:hpe_integrated_lights-out_6_ilo_6:*:*:*:*:*:*:*:*

External links

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04544en_us

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.