Information disclosure in HPE Integrated Lights-Out 3 - CVE-2016-4379
Published: August 30, 2016 / Updated: October 3, 2016
Vulnerability identifier: #VU716
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4379
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: HPE
Affected software:
HPE Integrated Lights-Out 3
HPE Integrated Lights-Out 3
Detailed vulnerability description
The vulnerability allows a remote user to disclose potentially sensitive data on the target system.
The weakness is caused by TLS CBC Padding and MAC Errors that results in disclosure of important information.
Successful exploitation of the vulnerability allows a malicious user to obtain and disclose potentially sensitive files.
The weakness is caused by TLS CBC Padding and MAC Errors that results in disclosure of important information.
Successful exploitation of the vulnerability allows a malicious user to obtain and disclose potentially sensitive files.
How to mitigate CVE-2016-4379
Update to 1.88.