HPE Community
Servers - General
1819882 Members
2817 Online
109607 Solutions
New Discussion

Sweet32 vulnerability on Proliant iLO Firmware Version 2.71

 
SOLVED
Go to solution
Steven_Reid
Occasional Contributor

‎09-05-2022 03:14 PM - last edited on ‎09-07-2022 08:08 PM by

‎09-05-2022 03:14 PM - last edited on ‎09-07-2022 08:08 PM by

Sweet32 vulnerability on Proliant iLO Firmware Version 2.71

Hi All,

We have recently performed some vulnerability scanning on our network and the iLO devices are coming up with the SSL Medium Strength Cipher Suites Supported (SWEET32) CVE-2016-2183 vulnerability.

The ILO devices are running firmware version 2.71

Is there a newer version of the firmware available, or is there a way to mitigate this issue?
How can we report it to HPE themselves?

Thanks

 

0 Kudos
Reply
6 REPLIES 6
support_s
System Recommended

‎09-05-2022 04:15 PM

‎09-05-2022 04:15 PM

Query: Sweet32 vulnerability on Proliant iLO Firmware Version 2.71

System recommended content:

1. Bulletin: (Revision) HPE Integrated Lights-Out 4 (iLO 4) - iLO 4 Is Vulnerable to CVE-2017-12542 and Can Be Exploited By the iLOBleed Root Kit

2. Advisory: HPE Integrated Lights-Out 4 (iLO 4) - Qualys Scan Report Displaying iLO 4 Firmware v1.64 as Vulnerable to Ripple20 on HPE Integrity Superdome X Server Is a False Positive

 

Please click on "Thumbs Up/Kudo" icon to give a "Kudo".

 

Thank you for being a HPE valuable community member.


Accept or Kudo

0 Kudos
Reply
Steven_Reid
Occasional Contributor

‎09-05-2022 05:14 PM

‎09-05-2022 05:14 PM

Re: Query: Sweet32 vulnerability on Proliant iLO Firmware Version 2.71

Thanks for the response.

The XML link shows the machine as <SPN>ProLiant DL360 Gen10</SPN> 

and that the iLO is v 5

<MP>
<ST>1</ST>
<PN>Integrated Lights-Out 5 (iLO 5)</PN>
<FWRI>2.71</FWRI>


Are you saying that even for this device, it is a false positive?

 

0 Kudos
Reply
Suman_1978
HPE Pro

‎09-07-2022 07:05 PM

‎09-07-2022 07:05 PM

Solution

Re: Query: Sweet32 vulnerability on Proliant iLO Firmware Version 2.71

Hi,

To report a potential security vulnerability for any HPE supported product:

Web Form: https://www.hpe.com/info/report-security-vulnerability

Thank You!
I work with HPE but opinions expressed here are mine.
Recent Support Video Releases



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Steven_Reid
Occasional Contributor

‎09-07-2022 07:27 PM

‎09-07-2022 07:27 PM

Re: Query: Sweet32 vulnerability on Proliant iLO Firmware Version 2.71

Thank you.

i have copmpleted that form

0 Kudos
Reply
Sunitha_Mod
Moderator

‎09-28-2022 04:11 AM

‎09-28-2022 04:11 AM

Re: Query: Sweet32 vulnerability on Proliant iLO Firmware Version 2.71

Hello @Steven_Reid

We are glad to know your concern has been addressed. 



Thanks,
Sunitha G
I'm an HPE employee.
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
FBreen
Occasional Visitor

‎02-17-2023 08:27 AM

‎02-17-2023 08:27 AM

Re: Sweet32 vulnerability on Proliant iLO Firmware Version 2.71

We had the same issue. and have resolved it. 

We started first with latest Firmware ilo5_278.fwpkg - this did not reolved it. 

Go to Security - Encryption - then 

Update Security Settings

change to High Security - apply and reboot ILO . this will resolve the issue

We are only using TLS 1.2  as well

Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.