
The Nessus scanner is flagging 'High risk with sig 74326' after the latest rule updates to all HP iLO cards.

This is specifically about the OpenSSL 'ChangeCipherSpec' MiTM Vulnerability.

It appears the latest HP iLO 4 firmware does not address this issue, since it still comes up after the latest firmware, v1.51, is applied.

Any suggestions on how to mitigate this until HP releases a newer firmware?

Thanks.

pablo808

1 Answer


Place your ILO, IPMI, DRAC and other management devices on their own management VLAN or network. Secure access to that network with VPN or prevent Internet connectivity. Only allow access from trusted networks.

That's an acceptable way of mitigating the (still narrow) risk you outlined.

You can also disable access to the ILO devices until an updated firmware release is available. Open access as-needed.

ewwhite
  • Thanks. This network I am working on doesn't have its own management network to access these devices from, unfortunately. But I'm trying to get ACLs in place in the interim. – pablo808 Jul 14 '14 at 01:28
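The mitigation in the answer (a dedicated management network reachable only from trusted sources) is easy to get subtly wrong, typically by leaving an "allow from anywhere" entry in front of the deny. The following is an added example, not code from the question, the answer, or HP: it models that ACL as first-match rules over the Python `ipaddress` module, evaluates sample traffic against it, audits for allow entries whose source is not a trusted network, and renders the policy as nftables rules. The management subnet, trusted networks, chain name and nftables layout are all constructed assumptions for illustration; adjust them to your own addressing before using the output.

```python
"""
Added example (not from the original question or answer): a small policy
model for the mitigation described in the answer -- put iLO/IPMI/DRAC
interfaces on their own management network and only allow access from
trusted networks -- plus an audit that catches the common mistake of an
ACL that still permits the management subnet from "anywhere".

All addresses and subnets below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    source: IPv4Network  # source network the rule matches
    dest: IPv4Network    # destination network (the management subnet)


# Constructed values: the subnet holding the iLO cards, and the admin/jump
# networks that should be the only ones allowed to reach it.
MGMT_NET = ip_network("10.99.0.0/24")
TRUSTED_NETS = [ip_network("10.10.5.0/24"), ip_network("192.168.200.0/28")]


def build_policy(mgmt_net: IPv4Network, trusted_nets: List[IPv4Network]) -> List[Rule]:
    """Allow each trusted network to reach the management subnet; deny everything else."""
    rules = [Rule("allow", net, mgmt_net) for net in trusted_nets]
    rules.append(Rule("deny", ip_network("0.0.0.0/0"), mgmt_net))
    return rules


def evaluate(rules: List[Rule], src: str, dst: str) -> str:
    """First-match evaluation, the way router and firewall ACLs behave.
    Traffic that matches no rule is denied (implicit deny)."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if s in r.source and d in r.dest:
            return r.action
    return "deny"


def audit(rules: List[Rule], mgmt_net: IPv4Network, trusted_nets: List[IPv4Network]) -> List[str]:
    """Report allow rules that reach the management subnet from a source that
    is not contained in one of the trusted networks (e.g. a leftover 0.0.0.0/0)."""
    findings = []
    for r in rules:
        if r.action != "allow" or not r.dest.overlaps(mgmt_net):
            continue
        if not any(r.source.subnet_of(t) for t in trusted_nets):
            findings.append(f"allow from {r.source} to {r.dest}: source is not a trusted network")
    return findings


def to_nftables(rules: List[Rule], chain: str = "ilo_mgmt") -> str:
    """Render the policy as an nftables forward chain (assumed layout; adapt to your site)."""
    lines = [
        "table inet filter {",
        f"  chain {chain} {{",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for r in rules:
        verb = "accept" if r.action == "allow" else "drop"
        lines.append(f"    ip saddr {r.source} ip daddr {r.dest} {verb}")
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    policy = build_policy(MGMT_NET, TRUSTED_NETS)
    for src in ("10.10.5.7", "203.0.113.9"):
        print(f"{src} -> {MGMT_NET[20]}: {evaluate(policy, src, str(MGMT_NET[20]))}")
    print("audit findings:", audit(policy, MGMT_NET, TRUSTED_NETS) or "none")
    print(to_nftables(policy))
```

Run the audit against the ACL you actually deploy (not just the generated one): the interim ACLs mentioned in the comment above are exactly where a broad permit tends to survive, and the audit flags any allow whose source is wider than the trusted networks.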