-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0132 Title: HP Integrated Lights-Out iLO3 and iLO4, Remote Disclosure of Information [1] Version history: 20.11.2012 Initial publication Summary ======= A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4. The vulnerability could be remotely exploited resulting in a disclosure of information. CVE number: CVE-2012-3271 CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) Vulnerable systems ================== HP Integrated Lights-Out 3 (iLO3) firmware versions 1.28 and earlier. HP Integrated Lights-Out 4 (iLO4) firmware versions 1.11 and earlier. Original Details ================ A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4. The vulnerability could be remotely exploited resulting in a disclosure of information. References: CVE-2012-3271 What can you do? ================ HP has made the following Firmware updates available to resolve the vulnerabilities. The latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport HP Integrated Lights-Out 3 (iLO3) Online ROM Flash Component for Linux and Windows v1.50 or subsequent. HP Integrated Lights-Out 4 (iLO4) Online ROM Flash Component for Linux and Windows v1.13 or subsequent. NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. What to tell your users? ======================== N/A More information ================ [1] https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03515413 [2] http://www.hp.com/go/bizsupport [3] http://cve.mitre.org/ Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJQq5+1AAoJEPpzpNLI8SVoiiAP/jEJARWCCSTP8KPKi9FBBZ+P vOtz2aM9eRhHuDaTu7GiUEebnxT1+0vZB/IcOFII7VO3OSgx+mEfE+Y0Pv5iFaZu 15KKdCw3e20tsYzsleyFNZuA7mElupxzNcImpCa7pikSLPKiU4ob+kjyj0tbtSTm wAy1d0qlw0mg72mkXxVAKpXg4adeqNCI77sXJsL219ZFCf85aSBrMucxBHHnNsl4 GQu13sLoANe5BVvbDXaBcepsOabQa+ow8V7b5EFYCYWRLZQ7N97+HeVf452zG87x Mh7Ibs80wpkwafeEo/r9oF7t+JW2jMEfVBnh1wkfNETD2uenxgmkyz3arFIDRUm5 bsRYzGFG2rGNsVZfrIALt0ToCqANcRfQu/yKX3gkgs8vodxpCUt7j13xzc1sUZQd k/zE7Ga036AGI4Fpxi4dNqrDPSjHg3OT15qVdr6HTQO6DuguohjJRBhu0jEcLi5w 4jluQvaDcQeFJ/4NIkncNtl7x7JIhzfDbvgYJ4kw49qP2Wc4x5hUfEKNFvXlEPpS WQNbVmbI8RyawsfpmxN1urthH1x3Zu0PFbW9qyJG9/c85XSYIlVHNdgjZCnZoO+F zm/ElaNgXK1SR1qmJap0CMOiTo7TFbuJdVAXn/OL35oRvav7uhoyHsixz8jcEp8m pjo66jk67IRR5/pNRNVQ =TIk4 -----END PGP SIGNATURE-----