How severe is CVE-2017-8979?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Hewlett Packard Enterprise Integrated Lights-out 2 (Ilo 2)

CVE-2017-8979

Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.

EPSS: 0.049 (91.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Hewlett Packard Enterprise Integrated Lights-out 2 (Ilo 2) — versions 2.29
Hp Integrated_lights-out
Hp Integrated_lights-out_2_firmware — versions 2.29

References

security-alert@hpe.com (x_refsource_CONFIRM, Vendor Advisory)
security-alert@hpe.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-8979?: CVE-2017-8979 is a critical-severity vulnerability in Hewlett Packard Enterprise Integrated Lights-out 2 (Ilo 2). CVSS score: 9.8/10. Published 2018-02-15.
How severe is CVE-2017-8979?: Critical severity. CVSS v3 base score is 9.8 out of 10.