CVE-2017-12542 – HP iLO 4 Authentication Bypass

An authentication bypass and code execution vulnerability exists in all of HPE’s Integrated Lights-Out 4 (iLO 4) controllers prior to version 2.54. It is triggered by a buffer overflow in how the web server handles the Connection HTTP header. Unrestricted access to the REST API is possible, allowing for administrative account creation. With unrestricted […]
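A patch-level audit for the affected range stated above, as an added example that is not part of the original post. It assumes each controller's XML summary was collected from the iLO `/xmldata?item=all` endpoint (the `PN` and `FWRI` fields); the hostnames and response bodies below are constructed.

```python
import xml.etree.ElementTree as ET

FIXED = (2, 54)  # iLO 4 firmware below this is affected, per the text above

# Constructed sample inventory: host -> body returned by /xmldata?item=all
# (assumed collection method; all values are made up for illustration).
SAMPLE = {
    "ilo-a.example": "<RIMP><MP><ST>1</ST><PN>Integrated Lights-Out 4 (iLO 4)"
                     "</PN><FWRI>2.50</FWRI></MP></RIMP>",
    "ilo-b.example": "<RIMP><MP><ST>1</ST><PN>Integrated Lights-Out 4 (iLO 4)"
                     "</PN><FWRI>2.54</FWRI></MP></RIMP>",
    "ilo-c.example": "<RIMP><MP><PN>Integrated Lights-Out 5 (iLO 5)</PN>"
                     "<FWRI>1.40</FWRI></MP></RIMP>",
    "ilo-d.example": "<html><body>login</body></html>",
    "ilo-e.example": "connection reset",
}

def classify(xml_body):
    """Return 'vulnerable', 'patched', 'not-ilo4' or 'unknown' for one response."""
    # The body comes from the network: refuse DTDs/entities before parsing.
    if "<!DOCTYPE" in xml_body or "<!ENTITY" in xml_body:
        return "unknown"
    try:
        mp = ET.fromstring(xml_body).find("MP")
    except ET.ParseError:
        return "unknown"
    if mp is None:
        return "unknown"
    product = (mp.findtext("PN") or "").strip()
    firmware = (mp.findtext("FWRI") or "").strip()
    if not product:
        return "unknown"
    if "iLO 4" not in product:
        return "not-ilo4"  # outside the product range this page covers
    try:
        # Compare numerically: "2.10" must sort above "2.03", not below "2.9".
        version = tuple(int(part) for part in firmware.split("."))
    except ValueError:
        return "unknown"  # empty or non-numeric firmware string
    return "vulnerable" if version < FIXED else "patched"

def audit(inventory):
    """Map every host to its classification."""
    return {host: classify(body) for host, body in inventory.items()}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:16} {status}")
```

Hosts reported as `unknown` need manual follow-up rather than being treated as patched.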