CVE-2023-50272

Published: Dec 19, 2023Modified: May 7, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.

Affected (2)

Products: Hpe: Integrated Lights Out 5 Firmware, Integrated Lights Out 6 Firmware

Hpe

2 products

Integrated Lights Out 5 Firmware

Integrated Lights Out 6 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Integrated Lights Out 5 Firmware	From 2.63 to 3.00

Running on/with	Platform Versions
Hpe Integrated Lights Out 5	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hpe Integrated Lights Out 6 Firmware	From 1.05 to 1.55

Running on/with	Platform Versions
Hpe Integrated Lights Out 6	All versions

Related CWEs

CWE-288

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (2)

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04584en_us

Source: security-alert@hpe.com

Vendor Advisory

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04584en_us

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.