2018 has been a really tough year for BMCs! Although their attack surface was not something new (IPMI has been studied by Dan Farmer back in 2013, followed by a state-of-the-art blogpost by HD Moore), recent studies have shed light on how powerful these devices are in the servers, being able to directly access the main host memory, and how poor their code quality and software mitigations were.
On August 28th, HP published a security bulletin regarding a critical vulnerability in HP Integrated Lights-Out (iLO) 4. This blog post aims at giving some details about this vulnerability, and a few hints for administrators to protect their servers. This research only applies to iLO version 4.
Page 1 / 1