- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- ProLiant Servers (ML,DL,SL)
- >
- Re: Security issue with ILO4
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2017 06:42 AM
07-06-2017 06:42 AM
Hi!
My University is scanning all the campus servers with Nessus Vulnerability Scanner and they are complaining that my ILO4 (firmware 1.10 July 17 2012) on ProLiant ML350p Gen8 HP server has a "medium" risk level of vulnerability, so they are asking to solve this issue as soon as possible, to avoid potential attacks.
I enclose the "medium" risk entries of the report: all the problems are connected with the 443/tcp port, it seems I should update the version of SSL protocol to improve cipher, encription and certificate...
Actually I do not know what to do in practice, but I am also very cautious since ILO is very useful to monitor the system and I don't want to lose functionalities.
Is anybody able to help me safely in this respect?
Thank you very much in advance!
Mauro
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2017 06:55 AM
07-06-2017 06:55 AM
Re: Security issue with ILO4
Update to the latest iLO4 firmware and have them scan it again. You are running a very very old version of iLO firmware. Many securty fixes/enhancments have been added.
http://h20565.www2.hpe.com/hpsc/swd/public/readIndex?sp4ts.oid=1009143853&lang=en&cc=us Select your OS and then exapnd the firmware tab
You can review the revision history to see the changes that have been made
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2017 07:13 AM
07-06-2017 07:13 AM
Re: Security issue with ILO4
Dear Jimmy, thank you indeed for the quick suggestion, I will do the update.
However my Operative System is:
CentOS release 6.2 (Final)
which is not present in the list of the web page you suggested me.
Which one should I use? Actually I thought that ILO is
independent with respect to the OS, is it really important
to match the OS?
thank you again
Mauro
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2017 07:30 AM
07-06-2017 07:30 AM
Re: Security issue with ILO4
If your not going to update via the host OS, it is not important to match the OS. You do need to download the firmware file in a verision your client can deal with to extract the binary firmware image. You can then update the image via the web interface. For CentOS the Red Hat file should work without issue
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2017 05:34 AM