Black Arrow Cyber Advisory – 20,000 HP Servers Have Their Management Interface Exposed to the Internet
Executive Summary
Integrated Lights Out (iLO) is a low-level management interface on Hewlett-Packard (HP) servers, intended for out-of-band or outside-of-operating system access. The service is most used by IT staff managing the device for remote support operations, such as powering the system off, updating firmware or viewing the display via the network. Despite a recent and serious bug dubbed ‘iLOBleed’, approximately 24,000 iLO devices are still exposed to the internet and searchable with Google.
What’s the risk to me or my business?
HP servers are very common in business settings and remain the popular choice globally. Most of these servers come with iLO pre-installed, which makes them a lucrative target to attackers when vulnerable, particularly given their low-level access. In combination with vulnerabilities like ‘iLOBleed’, remotely exposing iLO to the web presents a low hanging fruit that may be too attractive to pass up.
What can I do?
Check with your IT team or MSP to ensure that you aren’t exposing anything to the web that shouldn’t be there, even beyond iLO. Misconfigurations or services such as Universal Plug and Play (UPNP) can expose devices without your knowledge, leaving you open to attack where the exposed systems are vulnerable.
Need help understanding your gaps, or just want some advice? Get in touch with us.
Read More