
DIVD-2021-00039 - HP iLO

Our reference: DIVD-2021-00039
Case lead: Victor Gevers
Author: Patrick Hulshof
Researcher(s):
CVE(s):
Product: HP iLO
Versions: iLO4 and earlier versions used on HP servers.
Recommendation: Update the iLO firmware version to the latest official release from HP
Patch status: latest patch 2.79
Status: Closed
Last modified: 08 Dec 2022 16:28

Summary

The rootkit name, iLOBleed, is based on the malware module Implant.ARM.iLOBleed.a discovered in the iLO firmware. This is the first known discovery of an iLO rootkit.

The attackers discreetly prevented firmware updates by simulating a fake upgrade process on the web UI. The attackers failed to use the latest UI image.

What iLO Versions and Servers are at Risk?

What you can do

What we are doing

We are scanning the internet for vulnerable servers, and will notify system owners via the listed abuse contacts.

Timeline

Date Description
28 Dec 2021 AmnPardaz reported the vulnerability.
31 Dec 2021 DIVD starts OSINT research.
01 Jan 2022 DIVD starts scanning the internet for open iLO instances.
02 Jan 2022 DIVD starts identifying owners.
07 Jan 2022 DIVD sent out a first batch of notifications.
15 Feb 2022 DIVD starts rescan.
15 Feb 2022 DIVD sent out a second batch of notifications.
09 Mar 2022 After two rounds of notifications this case ends here for us.

More information