[security bulletin] HPSBHF03441 rev.2 - HPE iLO 3, iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v
dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp
cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj
L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MjM2OTUwDQoNClNVUFBP
UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE
OiBjMDUyMzY5NTANClZlcnNpb246IDINCg0KSFBTQkhGMDM0NDEgcmV2LjIgLSBIUEUg
aUxPIDMsIGlMTyA0IGFuZCBpTE8gNCBtUkNBLCBSZW1vdGUgTXVsdGlwbGUNClZ1bG5l
cmFiaWxpdGllcw0KDQpOT1RJQ0U6IFRoZSBpbmZvcm1hdGlvbiBpbiB0aGlzIFNlY3Vy
aXR5IEJ1bGxldGluIHNob3VsZCBiZSBhY3RlZCB1cG9uIGFzDQpzb29uIGFzIHBvc3Np
YmxlLg0KDQpSZWxlYXNlIERhdGU6IDIwMTctMDEtMjUNCkxhc3QgVXBkYXRlZDogMjAx
Ny0wMS0yNA0KDQpQb3RlbnRpYWwgU2VjdXJpdHkgSW1wYWN0OiBSZW1vdGU6IE11bHRp
cGxlIFZ1bG5lcmFiaWxpdGllcw0KDQpTb3VyY2U6IEhld2xldHQgUGFja2FyZCBFbnRl
cnByaXNlLCBQcm9kdWN0IFNlY3VyaXR5IFJlc3BvbnNlIFRlYW0NCg0KVlVMTkVSQUJJ
TElUWSBTVU1NQVJZDQpQb3RlbnRpYWwgc2VjdXJpdHkgdnVsbmVyYWJpbGl0aWVzIGhh
dmUgYmVlbiBpZGVudGlmaWVkIGluIEhQRSBJbnRlZ3JhdGVkDQpMaWdodHMgT3V0IDMs
IEhQRSBJbnRlZ3JhdGVkIExpZ2h0cyBPdXQgNCwgYW5kIEludGVncmF0ZWQgTGlnaHRz
IE91dCA0IG1SQ0EuDQpUaGUgdnVsbmVyYWJpbGl0aWVzIGFyZSByZW1vdGVseSBleHBs
b2l0YWJsZS4NCg0KUmVmZXJlbmNlczoNCg0KICAtIENWRS0yMDE2LTQzNzUNCg0KU1VQ
UE9SVEVEIFNPRlRXQVJFIFZFUlNJT05TKjogT05MWSBpbXBhY3RlZCB2ZXJzaW9ucyBh
cmUgbGlzdGVkLg0KDQogIC0gSFAgSW50ZWdyYXRlZCBMaWdodHMtT3V0IDMgKGlMTyAz
KSwgRmlybXdhcmUgZm9yIFByb0xpYW50IEc3IFNlcnZlcnMNCnByaW9yIHRvIHYxLjg4
DQogIC0gSFAgSW50ZWdyYXRlZCBMaWdodHMtT3V0IDQgKGlMTyA0KSwgcHJpb3IgdG8g
djIuNDQNCiAgLSBIUCBpTE8gNCBtUkNBIHByaW9yIHRvIHYyLjMyDQoNCkJBQ0tHUk9V
TkQNCg0KICBDVlNTIEJhc2UgTWV0cmljcw0KICA9PT09PT09PT09PT09PT09PQ0KICBS
ZWZlcmVuY2UsIENWU1MgVjMgU2NvcmUvVmVjdG9yLCBDVlNTIFYyIFNjb3JlL1ZlY3Rv
cg0KDQogICAgQ1ZFLTIwMTYtNDM3NQ0KICAgICAgNS42IENWU1M6My4wL0FWOk4vQUM6
SC9QUjpOL1VJOk4vUzpVL0M6TC9JOkwvQTpMDQogICAgICA2LjggKEFWOk4vQUM6TS9B
dTpOL0M6UC9JOlAvQTpQKQ0KDQogICAgSW5mb3JtYXRpb24gb24gQ1ZTUyBpcyBkb2N1
bWVudGVkIGluDQogICAgSFBFIEN1c3RvbWVyIE5vdGljZSBIUFNOLTIwMDgtMDAyIGhl
cmU6DQoNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMv
ZGlzcGxheT9kb2NJZD1lbXJfbmEtYzAxMzQ1NDk5DQoNClJFU09MVVRJT04NCg0KSFBF
IGhhcyBwcm92aWRlZCBmaXJtd2FyZSB1cGRhdGVzIHRvIHJlc29sdmUgdGhlIHZ1bG5l
cmFiaWxpdGllcy4gDQoNCiogaUxPIDMgdmVyc2lvbiB2MS44OCBvciBzdWJzZXF1ZW50
DQoqIGlMTyA0IHZlcnNpb24gdjIuNDQgb3Igc3Vic2VxdWVudA0KKiBpTE8gNCB2ZXJz
aW9uIHYyLjMyIGZvciBtUkNBIE1vb25zaG90IGNhcnRyaWRnZSBvciBzdWJzZXF1ZW50
DQogICAgDQpUaGUgdXBkYXRlcyBhcmUgYXZhaWxhYmxlIGF0IHRoZSBmb2xsb3dpbmcg
bG9jYXRpb25zLg0KDQpUaGUgdXBkYXRlcyBmb3IgaUxPIDMgKHYxLjg4KSBhcmUgYXZh
aWxhYmxlIGF0IHRoZSBmb2xsb3dpbmcgbG9jYXRpb25zOiANCg0KT25saW5lIFJPTSBG
bGFzaCBDb21wb25lbnQgZm9yIFdpbmRvd3MgeDg2DQoNCiAqIDxodHRwczovL3d3dy5o
cGUuY29tL2dsb2JhbC9zd3B1Ymxpc2hpbmcvTVRYLTNlZjY1ZDEzNDA2YTQxZGU5N2U2
YTc1YTNjPg0KDQpPbmxpbmUgUk9NIEZsYXNoIENvbXBvbmVudCBmb3IgV2luZG93cyB4
NjQNCg0KICogPGh0dHBzOi8vd3d3LmhwZS5jb20vZ2xvYmFsL3N3cHVibGlzaGluZy9N
VFgtYmI0NWUwNjgyZGQwNGYwOThhZDg5ZTE4OWM+DQoNCk9ubGluZSBST00gRmxhc2gg
Q29tcG9uZW50IGZvciBMaW51eA0KDQogKiA8aHR0cHM6Ly93d3cuaHBlLmNvbS9nbG9i
YWwvc3dwdWJsaXNoaW5nL01UWC00ODgyZGNjYWFhMGQ0ZmJjYmQzNTMwMzNlNj4NCg0K
DQpPbmxpbmUgUk9NIEZsYXNoIENvbXBvbmVudCBmb3IgVk13YXJlIEVTWGkNCg0KICog
PGh0dHBzOi8vd3d3LmhwZS5jb20vZ2xvYmFsL3N3cHVibGlzaGluZy9NVFgtMDRiMDU2
MjEyODUxNDUxMTljYmFhNjk5ODI+DQogDQogDQoNClRoZSB1cGRhdGVzIGZvciBpTE8g
NCAodjIuNDQpIGFyZSBhdmFpbGFibGUgYXQgdGhlIGZvbGxvd2luZyBsb2NhdGlvbnM6
ICANCg0KT25saW5lIFJPTSBGbGFzaCBDb21wb25lbnQgZm9yIFdpbmRvd3MgeDY0DQoN
CiAgKg0KPGh0dHBzOi8vaDIwNTY2Lnd3dzIuaHBlLmNvbS9ocHNjL3N3ZC9wdWJsaWMv
ZGV0YWlsP3N3SXRlbUlkPU1UWF9lYTViNjJkNjcyMjENCjdiZTk1NWYxZmEzYTY+DQoN
Ck9ubGluZSBST00gRmxhc2ggQ29tcG9uZW50IGZvciBXaW5kb3dzIHg4Ng0KDQogICoN
CjxodHRwczovL2gyMDU2Ni53d3cyLmhwZS5jb20vaHBzYy9zd2QvcHVibGljL2RldGFp
bD9zd0l0ZW1JZD1NVFhfZTQyNzk1ZmRmYjg5DQo5YTM4MTZjYmQ2NTUzPg0KDQpPbmxp
bmUgUk9NIEZsYXNoIENvbXBvbmVudCBmb3IgTGludXggDQoNCiAgKg0KPGh0dHBzOi8v
aDIwNTY2Lnd3dzIuaHBlLmNvbS9ocHNjL3N3ZC9wdWJsaWMvZGV0YWlsP3N3SXRlbUlk
PU1UWF81YTQ4NTBkY2M3MGENCjQ0Zjk0YzY3ZjBiOGI+DQoNCk9ubGluZSBST00gRmxh
c2ggQ29tcG9uZW50IGZvciBWTXdhcmUgRVNYaQ0KDQogICogPGh0dHBzOi8vd3d3Lmhw
ZS5jb20vZ2xvYmFsL3N3cHVibGlzaGluZy9NVFgtNzdiZWRkNDlmYzI2NGYwNGExY2Y4
YTU0ZjE+DQoNCg0KVGhlIG1SQ0EgZmlybXdhcmUgaXMgYXZhaWxhYmxlIGluIHRoZSBN
b29uc2hvdCBDb21wb25lbnQgUGFjayAyMDE2LjA3LjAuIFRoZQ0Kc2VydmljZSBwYWNr
IGlzIGF2YWlsYWJsZSBhdCB0aGUgZm9sbG93aW5nIGxvY2F0aW9uOg0KDQogICoNCjxo
dHRwczovL2gyMDU2Ni53d3cyLmhwZS5jb20vaHBzYy9zd2QvcHVibGljL2RldGFpbD9z
d0l0ZW1JZD1NVFhfN2FiYWJhMWIwYWMzDQo0M2U4OWUwMTQxNWI0Pg0KDQpISVNUT1JZ
DQoNClZlcnNpb246MSAocmV2LjEpIC0gMTIgQXVndXN0IDIwMTYgSW5pdGlhbCByZWxl
YXNlDQoNClZlcnNpb246MiAocmV2LjIpIC0gMjQgSmFudWFyeSAyMDE3IHJlbW92ZWQg
RlRQIFVSTCBsaW5rcywgdXBkYXRlZCBodHRwcw0KbGlua3MsIHNpbXBsaWZpZWQgdGl0
bGUsIHZ1bG5lcmFiaWxpdHkgZGVzY3JpcHRpb24NCg0KDQpUaGlyZCBQYXJ0eSBTZWN1
cml0eSBQYXRjaGVzOiBUaGlyZCBwYXJ0eSBzZWN1cml0eSBwYXRjaGVzIHRoYXQgYXJl
IHRvIGJlDQppbnN0YWxsZWQgb24gc3lzdGVtcyBydW5uaW5nIEhld2xldHQgUGFja2Fy
ZCBFbnRlcnByaXNlIChIUEUpIHNvZnR3YXJlDQpwcm9kdWN0cyBzaG91bGQgYmUgYXBw
bGllZCBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIGN1c3RvbWVyJ3MgcGF0Y2ggbWFuYWdl
bWVudA0KcG9saWN5Lg0KDQpTdXBwb3J0OiBGb3IgaXNzdWVzIGFib3V0IGltcGxlbWVu
dGluZyB0aGUgcmVjb21tZW5kYXRpb25zIG9mIHRoaXMgU2VjdXJpdHkNCkJ1bGxldGlu
LCBjb250YWN0IG5vcm1hbCBIUEUgU2VydmljZXMgc3VwcG9ydCBjaGFubmVsLiBGb3Ig
b3RoZXIgaXNzdWVzIGFib3V0DQp0aGUgY29udGVudCBvZiB0aGlzIFNlY3VyaXR5IEJ1
bGxldGluLCBzZW5kIGUtbWFpbCB0byBzZWN1cml0eS1hbGVydEBocGUuY29tLg0KDQpS
ZXBvcnQ6IFRvIHJlcG9ydCBhIHBvdGVudGlhbCBzZWN1cml0eSB2dWxuZXJhYmlsaXR5
IGZvciBhbnkgSFBFIHN1cHBvcnRlZA0KcHJvZHVjdDoNCiAgV2ViIGZvcm06IGh0dHBz
Oi8vd3d3LmhwZS5jb20vaW5mby9yZXBvcnQtc2VjdXJpdHktdnVsbmVyYWJpbGl0eQ0K
ICBFbWFpbDogc2VjdXJpdHktYWxlcnRAaHBlLmNvbQ0KDQpTdWJzY3JpYmU6IFRvIGlu
aXRpYXRlIGEgc3Vic2NyaXB0aW9uIHRvIHJlY2VpdmUgZnV0dXJlIEhQRSBTZWN1cml0
eSBCdWxsZXRpbg0KYWxlcnRzIHZpYSBFbWFpbDogaHR0cDovL3d3dy5ocGUuY29tL3N1
cHBvcnQvU3Vic2NyaWJlcl9DaG9pY2UNCg0KU2VjdXJpdHkgQnVsbGV0aW4gQXJjaGl2
ZTogQSBsaXN0IG9mIHJlY2VudGx5IHJlbGVhc2VkIFNlY3VyaXR5IEJ1bGxldGlucyBp
cw0KYXZhaWxhYmxlIGhlcmU6IGh0dHA6Ly93d3cuaHBlLmNvbS9zdXBwb3J0L1NlY3Vy
aXR5X0J1bGxldGluX0FyY2hpdmUNCg0KU29mdHdhcmUgUHJvZHVjdCBDYXRlZ29yeTog
VGhlIFNvZnR3YXJlIFByb2R1Y3QgQ2F0ZWdvcnkgaXMgcmVwcmVzZW50ZWQgaW4NCnRo
ZSB0aXRsZSBieSB0aGUgdHdvIGNoYXJhY3RlcnMgZm9sbG93aW5nIEhQU0IuDQoNCjND
ID0gM0NPTQ0KM1AgPSAzcmQgUGFydHkgU29mdHdhcmUNCkdOID0gSFBFIEdlbmVyYWwg
U29mdHdhcmUNCkhGID0gSFBFIEhhcmR3YXJlIGFuZCBGaXJtd2FyZQ0KTVUgPSBNdWx0
aS1QbGF0Zm9ybSBTb2Z0d2FyZQ0KTlMgPSBOb25TdG9wIFNlcnZlcnMNCk9WID0gT3Bl
blZNUw0KUFYgPSBQcm9DdXJ2ZQ0KU1QgPSBTdG9yYWdlIFNvZnR3YXJlDQpVWCA9IEhQ
LVVYDQoNCkNvcHlyaWdodCAyMDE2IEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlDQoN
Ckhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIHNoYWxsIG5vdCBiZSBsaWFibGUgZm9y
IHRlY2huaWNhbCBvciBlZGl0b3JpYWwNCmVycm9ycyBvciBvbWlzc2lvbnMgY29udGFp
bmVkIGhlcmVpbi4gVGhlIGluZm9ybWF0aW9uIHByb3ZpZGVkIGlzIHByb3ZpZGVkDQoi
YXMgaXMiIHdpdGhvdXQgd2FycmFudHkgb2YgYW55IGtpbmQuIFRvIHRoZSBleHRlbnQg
cGVybWl0dGVkIGJ5IGxhdywgbmVpdGhlcg0KSFAgb3IgaXRzIGFmZmlsaWF0ZXMsIHN1
YmNvbnRyYWN0b3JzIG9yIHN1cHBsaWVycyB3aWxsIGJlIGxpYWJsZSBmb3INCmluY2lk
ZW50YWwsc3BlY2lhbCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgaW5jbHVkaW5nIGRv
d250aW1lIGNvc3Q7IGxvc3QNCnByb2ZpdHM7IGRhbWFnZXMgcmVsYXRpbmcgdG8gdGhl
IHByb2N1cmVtZW50IG9mIHN1YnN0aXR1dGUgcHJvZHVjdHMgb3INCnNlcnZpY2VzOyBv
ciBkYW1hZ2VzIGZvciBsb3NzIG9mIGRhdGEsIG9yIHNvZnR3YXJlIHJlc3RvcmF0aW9u
LiBUaGUNCmluZm9ybWF0aW9uIGluIHRoaXMgZG9jdW1lbnQgaXMgc3ViamVjdCB0byBj
aGFuZ2Ugd2l0aG91dCBub3RpY2UuIEhld2xldHQNClBhY2thcmQgRW50ZXJwcmlzZSBh
bmQgdGhlIG5hbWVzIG9mIEhld2xldHQgUGFja2FyZCBFbnRlcnByaXNlIHByb2R1Y3Rz
DQpyZWZlcmVuY2VkIGhlcmVpbiBhcmUgdHJhZGVtYXJrcyBvZiBIZXdsZXR0IFBhY2th
cmQgRW50ZXJwcmlzZSBpbiB0aGUgVW5pdGVkDQpTdGF0ZXMgYW5kIG90aGVyIGNvdW50
cmllcy4gT3RoZXIgcHJvZHVjdCBhbmQgY29tcGFueSBuYW1lcyBtZW50aW9uZWQgaGVy
ZWluDQptYXkgYmUgdHJhZGVtYXJrcyBvZiB0aGVpciByZXNwZWN0aXZlIG93bmVycy4N
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tClZlcnNpb246IEdudVBHIHYxCgpp
UUVjQkFFQkNBQUdCUUpZaDVsZEFBb0pFTFhoQXh0N1NaYWlSV1lJQUo3T2hwanpxRnlv
bE5CY05QSG13a0FVCkVTYjJTZHFWZWZhZzFOSklFbEhBQTlnSWpyT1gxZEsyMGpCbnpl
ektCNVlSbVJlcUJxVHkxL1kxZzk5ckpoSzQKdmJ5SjNNcGZGT0xDSUFpS1dpRjcyS1hv
TFZMdDIyY095Z0pIalJkcDFFOUl2c2tlU3ltWjVZTlZFTmJQYmhsZApuZmJRTDZXUkhy
WlBwNGxpV3AwS0VSTmZ6bzRsZW9xV0ZZdmdSTldMQk45Y0dpci9VRFRpZThNRElQeDRJ
NU53CklYWjUzckQ2TUVyRmpWVjlGaTdNelhTNlJ2b1VjMkFicHhwMmh5Syt2RGo5bHNY
emJKYndqVHZoUm5wMGNOMTIKRitsN2dKOFRMc1ZsL05Qd0ZDcE5VNHNPTTFCcW1QMzJ6
Q3AwaWJ0aVFyR2hkL01Rbzc5eDlIS2RJNEdhaXJNPQo9cXZYdwotLS0tLUVORCBQR1Ag
U0lHTkFUVVJFLS0tLS0K