CVE-2023-50272

HIGH

HPE Integrated Lights-Out 5 2.63-3.00 and iLO 6 1.05-1.55 - Authentication Bypass

Title source: llm

Description

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04584en_us

Scores

CVSS v3 7.5

EPSS 0.0003

EPSS Percentile 8.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-288

Status published

Products (2)

hpe/integrated_lights-out_5_firmware 2.63 - 3.00

hpe/integrated_lights-out_6_firmware 1.05 - 1.55

Published Dec 19, 2023

Tracked Since Feb 18, 2026