Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-28634

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.7, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 75 products from hpe, from hpe, from hpe and 72 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2022-08-12T15:15:14.383

Last Modified

2024-11-21T06:57:37.430

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hpe	integrated_lights-out_5_firmware	< 2.71	Yes
Hardware	hpe	apollo_2000_gen10_plus_system	-	No
Hardware	hpe	apollo_4200_gen10_server	-	No
Hardware	hpe	apollo_4510_gen10_system	-	No
Hardware	hpe	apollo_6500_gen10_plus_system	-	No
Hardware	hpe	apollo_6500_gen10_system	-	No
Hardware	hpe	apollo_n2600_gen10_plus	-	No
Hardware	hpe	apollo_n2800_gen10_plus	-	No
Hardware	hpe	apollo_r2600_gen10	-	No
Hardware	hpe	apollo_r2800_gen10	-	No
Hardware	hpe	edgeline_e920_server_blade	-	No
Hardware	hpe	edgeline_e920d_server_blade	-	No
Hardware	hpe	edgeline_e920t_server_blade	-	No
Hardware	hpe	proliant_bl460c_gen10_server_blade	-	No
Hardware	hpe	proliant_dl110_gen10_plus_telco_server	-	No
Hardware	hpe	proliant_dl120_gen10_server	-	No
Hardware	hpe	proliant_dl160_gen10_server	-	No
Hardware	hpe	proliant_dl180_gen10_server	-	No
Hardware	hpe	proliant_dl20_gen10_plus_server	-	No
Hardware	hpe	proliant_dl20_gen10_server	-	No
Hardware	hpe	proliant_dl325_gen10_plus_server	-	No
Hardware	hpe	proliant_dl325_gen10_plus_v2_server	-	No
Hardware	hpe	proliant_dl325_gen10_server	-	No
Hardware	hpe	proliant_dl345_gen10_plus_server	-	No
Hardware	hpe	proliant_dl360_gen10_plus_server	-	No
Hardware	hpe	proliant_dl360_gen10_server	-	No
Hardware	hpe	proliant_dl365_gen10_plus_server	-	No
Hardware	hpe	proliant_dl380_gen10_plus_server	-	No
Hardware	hpe	proliant_dl380_gen10_server	-	No
Hardware	hpe	proliant_dl385_gen10_plus_server	-	No
Hardware	hpe	proliant_dl385_gen10_plus_v2_server	-	No
Hardware	hpe	proliant_dl385_gen10_server	-	No
Hardware	hpe	proliant_dl560_gen10_server	-	No
Hardware	hpe	proliant_dl580_gen10_server	-	No
Hardware	hpe	proliant_dx170r_gen10_server	-	No
Hardware	hpe	proliant_dx190r_gen10_server	-	No
Hardware	hpe	proliant_dx220n_gen10_plus_server	-	No
Hardware	hpe	proliant_dx325_gen10_plus_v2_server	-	No
Hardware	hpe	proliant_dx360_gen10_plus_server	-	No
Hardware	hpe	proliant_dx360_gen10_server	-	No
Hardware	hpe	proliant_dx380_gen10_plus_server	-	No
Hardware	hpe	proliant_dx380_gen10_server	-	No
Hardware	hpe	proliant_dx385_gen10_plus_server	-	No
Hardware	hpe	proliant_dx385_gen10_plus_v2_server	-	No
Hardware	hpe	proliant_dx4200_gen10_server	-	No
Hardware	hpe	proliant_dx560_gen10_server	-	No
Hardware	hpe	proliant_e910_server_blade	-	No
Hardware	hpe	proliant_e910t_server_blade	-	No
Hardware	hpe	proliant_m750_server_blade	-	No
Hardware	hpe	proliant_microserver_gen10_plus	-	No
Hardware	hpe	proliant_ml110_gen10_server	-	No
Hardware	hpe	proliant_ml30_gen10_plus_server	-	No
Hardware	hpe	proliant_ml30_gen10_server	-	No
Hardware	hpe	proliant_ml350_gen10_server	-	No
Hardware	hpe	proliant_xl170r_gen10_server	-	No
Hardware	hpe	proliant_xl190r_gen10_server	-	No
Hardware	hpe	proliant_xl220n_gen10_plus_server	-	No
Hardware	hpe	proliant_xl225n_gen10_plus_1u_node	-	No
Hardware	hpe	proliant_xl230k_gen10_server	-	No
Hardware	hpe	proliant_xl270d_gen10_server	-	No
Hardware	hpe	proliant_xl290n_gen10_plus_server	-	No
Hardware	hpe	proliant_xl420_gen10_server	-	No
Hardware	hpe	proliant_xl450_gen10_server	-	No
Hardware	hpe	proliant_xl645d_gen10_plus_server	-	No
Hardware	hpe	proliant_xl675d_gen10_plus_server	-	No
Hardware	hpe	proliant_xl925g_gen10_plus_server	-	No
Hardware	hpe	storage_file_controller	-	No
Hardware	hpe	storage_performance_file_controller	-	No
Hardware	hpe	storeeasy_1460_storage	-	No
Hardware	hpe	storeeasy_1560_storage	-	No
Hardware	hpe	storeeasy_1660_expanded_storage	-	No
Hardware	hpe	storeeasy_1660_performance_storage	-	No
Hardware	hpe	storeeasy_1660_storage	-	No
Hardware	hpe	storeeasy_1860_performance_storage	-	No
Hardware	hpe	storeeasy_1860_storage	-	No

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us Vendor Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For hpe's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.