Disclaimer: The HP ILO firmware involved here is NOT the latest available. ILO 3 cards were not affected.
While using Metasploit to scan my network for the OpenSSL "Heartbleed" vulnerability, I was quite shocked to get a handful of alerts in my mailbox. Our HP C7000 was no longer able to talk to some of our HP ProLiant blades' ILO.
Production was all good, and service was still delivered, but blade management was impossible: Metasploit's auxiliary/scanner/ssl/openssl_heartbleed.rb probe had just crashed six HP ILO 2 cards. That's funny, because the ILO firmware is not vulnerable to Heartbleed; it's only vulnerable to the scanner...
I ran some tests to reproduce the problem. It happens with 100% reliability. Quite impressive.
Software versions:
Metasploit Framework: 4.8.2-2013121101
Console: 4.8.2-2013121101.15168
openssl_heartbleed.rb: downloaded on April 22nd
HP ProLiant BL490c G6 (product ID 509316-B21), ILO 2 firmware version undisclosed for security reasons