CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-4379

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.2%

CVSS Severity

CVSS v3 Score 3.7

CVSS v2 Score 4.3

References

Products affected by CVE-2016-4379

Hp » Integrated Lights-Out 3 » Version: N/A

cpe:2.3:h:hp:integrated_lights-out_3:-
Hp » Integrated Lights-Out 3 Firmware » Version: 1.00

cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.00
Hp » Integrated Lights-Out 3 Firmware » Version: 1.05

cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.05
Hp » Integrated Lights-Out 3 Firmware » Version: 1.20

cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.20
Hp » Integrated Lights-Out 3 Firmware » Version: 1.26

cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.26
Hp » Integrated Lights-Out 3 Firmware » Version: 1.28

cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.28
Hp » Integrated Lights-Out 3 Firmware » Version: 1.50

cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.50
Hp » Integrated Lights-Out 3 Firmware » Version: 1.55

cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.55
Hp » Integrated Lights-Out 3 Firmware » Version: 1.80

cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.80
Hp » Integrated Lights-Out 3 Firmware » Version: 1.87

cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.87

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-4379

Products

Pricing

Contact Us