Bug in HP Remote Management Tool Leaves Servers Open to Attack


Hewlett Packard Enterprise has patched a vulnerability in its remote management hardware called Integrated Lights-Out 3 that is used in its popular line of HP ProLiant servers. The bug allows an attacker to launch an unauthenticated remote denial of service attack that could contribute to a crippling on vulnerable datacenters under some conditions.

The vulnerability (CVE-2017-8987) is rated “high severity”, with a CVSS base score of 8.6, and was discovered by Rapid7 researchers in September. HPE publicly reported the bug on Feb. 22 and has made patches available.

Read more…
Source: ThreatPost