Update your iLO firmware

    Greetings.
    If you own servers whose iLO is reachable from the Internet, you need to read this post; everyone else may find it useful too.
    We have an HP ProLiant DL360p Gen8 with iLO 4 on board. The firmware version was 1.20. For us, having iLO reachable from the outside world is a necessity.
    One fine day, the server rebooted itself. We began to study the issue and saw the following in the iLO logs (briefly, in chronological order):
    IPMI / RMCP login by Administrator - 190.185.122.29 (DNS name not found).
    New user: backup.
    Modified user: backup.
    Browser login: backup - 190.185.122.14 (DNS name not found).
    Remote console started by: backup - 190.185.122.14 (DNS name not found).
    Server reset.
    Host server reset by: backup.

    A backup user with full privileges was created.

    It turned out that someone took advantage of this vulnerability.
    In short, it is a vulnerability in the IPMI module. Detailed instructions for exploiting it are, by the way, available on the Internet, so anyone who searches can find them. Update the firmware (you can download the updated firmware using the link above), deactivate the default login, and restrict access to iLO using filters on your network equipment.

    P.S. The vulnerability affects iLO 3, iLO 4 and iLO CM.
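
The log sequence quoted above (a management login, a new account, then that account logging in and resetting the host) can be checked for mechanically. The following is an added example, not part of the original post: a Python triage pass over iLO event descriptions. The regular expressions are assumptions derived only from the wording of the quoted lines, and `triage`, `known_users` and `allowed_sources` are hypothetical names.

```python
import re

# Event descriptions as quoted in the post (no timestamps, chronological order).
SAMPLE_LOG = """\
IPMI / RMCP login by Administrator - 190.185.122.29 (DNS name not found).
New user: backup.
Modified user: backup.
Browser login: backup - 190.185.122.14 (DNS name not found).
Remote console started by: backup - 190.185.122.14 (DNS name not found).
Server reset.
Host server reset by: backup.
"""

# Assumption: these patterns are derived only from the wording of the lines above.
LOGIN = re.compile(r"^(?:IPMI / RMCP login by|Browser login:)\s+(?P<user>\S+) - (?P<ip>[\d.]+)")
USER_CHANGE = re.compile(r"^(?P<op>New|Modified) user: (?P<user>[^.\s]+)")
ACTION = re.compile(r"^(?:Remote console started|Host server reset) by: (?P<user>[^.\s]+)")

def triage(lines, known_users=("Administrator",), allowed_sources=()):
    """Return (line_no, finding, user, ip) tuples for suspicious iLO events.

    known_users and allowed_sources are hypothetical allow-lists that the
    operator supplies: expected accounts and approved management addresses.
    """
    findings, created = [], set()
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if m := LOGIN.match(line):
            if m["ip"] not in allowed_sources:
                findings.append((n, "login-from-unapproved-source", m["user"], m["ip"]))
            if m["user"] in created:
                findings.append((n, "login-by-new-account", m["user"], m["ip"]))
        elif m := USER_CHANGE.match(line):
            if m["op"] == "New" and m["user"] not in known_users:
                created.add(m["user"])
                findings.append((n, "account-created", m["user"], None))
            elif m["user"] in created:
                findings.append((n, "new-account-modified", m["user"], None))
        elif m := ACTION.match(line):
            if m["user"] in created:
                findings.append((n, "action-by-new-account", m["user"], None))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding)
```

Passing the approved management addresses in `allowed_sources` suppresses the source findings, so what remains is the account-creation chain itself.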
