How severe is CVE-2018-7105?

High severity. CVSS v3 base score is 7.2 out of 10.

Is CVE-2018-7105 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Hewlett Packard Enterprise Hpe Integrated Lights-out 5 (Ilo 5) For Gen10 Servers, 4 4), 3 3)

CVE-2018-7105

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to exe…

EPSS: 0.041 (89.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Hewlett Packard Enterprise Hpe Integrated Lights-out 5 (Ilo 5) For Gen10 Servers, 4 4), 3 3) — versions HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90
Hp Gen_10_servers
Hp Integrated_lights-out
Hp Integrated_lights-out_3_firmware
Hp Integrated_lights-out_4_firmware
Hp Integrated_lights-out_5_firmware

Public proof-of-concept exploits

Synacktiv-contrib/pcileech_

References

security-alert@hpe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security-alert@hpe.com (x_refsource_CONFIRM, Mitigation, Vendor Advisory)
security-alert@hpe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2018-7105?: CVE-2018-7105 is a high-severity vulnerability in Hewlett Packard Enterprise Hpe Integrated Lights-out 5 (Ilo 5) For Gen10 Servers, 4 4), 3 3). CVSS score: 7.2/10. Published 2018-09-27.
How severe is CVE-2018-7105?: High severity. CVSS v3 base score is 7.2 out of 10.
Is CVE-2018-7105 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.