module
HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation
| Disclosed | Created |
|---|---|
| 08/24/2017 | 06/14/2018 |
Disclosed
08/24/2017
Created
06/14/2018
Description
This module exploits an authentication bypass in HP iLO 4 1.00 to 2.50, triggered by a buffer
overflow in the Connection HTTP header handling by the web server.
Exploiting this vulnerability gives full access to the REST API, allowing arbitrary
accounts creation.
overflow in the Connection HTTP header handling by the web server.
Exploiting this vulnerability gives full access to the REST API, allowing arbitrary
accounts creation.
Author
Fabien Perigaud
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use auxiliary/admin/hp/hp_ilo_create_admin_account
msf /(t) > show actions
...actions...
msf /(t) > set ACTION < action-name >
msf /(t) > show options
...show and set options...
msf /(t) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.