
Update your iLO firmware

Greetings.
If you own servers whose iLO is exposed to the Internet, you need to read this post; for everyone else it may still come in handy.
We have an HP ProLiant DL360p Gen8 with iLO 4 on board. The firmware version was 1.20. Having iLO reachable from the outside is a must for us.
One day the server rebooted by itself. We started investigating and found the following in the iLO logs (abridged, in chronological order):
IPMI / RMCP login by Administrator - 190.185.122.29 (DNS name not found).
New user: backup.
Modified user: backup.
Browser login: backup - 190.185.122.14 (DNS name not found).
Remote console started by: backup - 190.185.122.14 (DNS name not found).
Server reset.
Host server reset by: backup.

A user named backup had been created with full privileges.

It turned out that someone had taken advantage of this vulnerability.
In short, it is a vulnerability in the IPMI module. Detailed instructions for exploiting it are, by the way, available on the Internet, so anyone who searches can find them. Update the firmware (the updated version can be downloaded via the link above), deactivate the default login, and restrict access to iLO with filters on your network equipment.

P.S. The vulnerability applies to iLO 3, iLO 4 and iLO CM.
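
The sequence in the log above (an IPMI/RMCP session, then a new account, then that account logging in and resetting the host) can be checked for mechanically. The Python below is an added example, not part of the original post; it assumes event descriptions worded as quoted above, and `triage` and its `known_users` allowlist are hypothetical names.

```python
import re

# Event descriptions as quoted in the post (translated wording; a real
# iLO event log export also carries timestamps and may be phrased differently).
SAMPLE_LOG = """\
IPMI / RMCP login by Administrator - 190.185.122.29 (DNS name not found).
New user: backup.
Modified user: backup.
Browser login: backup - 190.185.122.14 (DNS name not found).
Remote console started by: backup - 190.185.122.14 (DNS name not found).
Server reset.
Host server reset by: backup.
""".splitlines()

IPMI_LOGIN = re.compile(r"^IPMI\s*/\s*RMCP login by (?P<user>\S+) - (?P<ip>[\d.]+)")
NEW_USER = re.compile(r"^New user: (?P<user>[^.\s]+)\.?$")
ACTION = re.compile(
    r"^(?P<what>Browser login|Remote console started by|Host server reset by): "
    r"(?P<user>[^.\s]+)(?: - (?P<ip>[\d.]+))?"
)

def triage(lines, known_users=("Administrator",)):
    """Report accounts created in the log that are not in known_users."""
    findings = {}
    last_ipmi = None  # most recent IPMI/RMCP session seen before a creation
    for line in lines:
        line = line.strip()
        if m := IPMI_LOGIN.match(line):
            last_ipmi = (m["user"], m["ip"])
        elif m := NEW_USER.match(line):
            if m["user"] not in known_users:
                findings[m["user"]] = {"created_after_ipmi": last_ipmi,
                                       "actions": [], "source_ips": set()}
        elif (m := ACTION.match(line)) and m["user"] in findings:
            f = findings[m["user"]]
            f["actions"].append(m["what"])  # what the new account did afterwards
            if m["ip"]:
                f["source_ips"].add(m["ip"])
    return findings

if __name__ == "__main__":
    for user, f in triage(SAMPLE_LOG).items():
        print(user, f)
```

An account that is created right after an IPMI/RMCP session and is missing from the allowlist is the signal to act on; the collected source addresses can feed the network filters mentioned above.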


Source: https://habr.com/ru/post/199532/

