[Download]: HPE Integrated Lights-Out 2 (iLO 2) Vulnerability
HPE iLO 2 Vulnerability
There is new detected vulnerability on HPE Integrated Lights-Out 2 (iLO2) that related to TLS protocol 1.2 and earlier. The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the “Logjam” issue.
A vulnerability in the Diffie Hellman Export ciphersuite component in TLS 1.2 and earlier could be exploited remotely to allow disclosure of information.
HPE has released new firmware regarding to fix the issue and resolve this vulnerability in HPE Integrated Lights-Out 2 (iLO 2) version 2.32 and earlier.
Visit the Hewlett Packard Enterprise Support Center site to download the new version: