What is CVE-2016-4379?

CVE-2016-4379 is a low-severity vulnerability in Hp Integrated_lights-out_3, classified under Cryptographic Issues. CVSS score: 3.7/10. Published 2016-09-08.

How severe is CVE-2016-4379?

Low severity. CVSS v3 base score is 3.7 out of 10.

Vulnerability in Hp Integrated_lights-out_3

CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a pad…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.016 (73.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (Technical Description, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-4379?: CVE-2016-4379 is a low-severity vulnerability in Hp Integrated_lights-out_3, classified under Cryptographic Issues. CVSS score: 3.7/10. Published 2016-09-08.
How severe is CVE-2016-4379?: Low severity. CVSS v3 base score is 3.7 out of 10.