The vulnerability is an authentication bypass that allows attackers access to HP iLO consoles. Researchers say this access can later be used to extract cleartext passwords, execute malicious code, and even replace iLO firmware. But besides being a remotely exploitable flaw, this vulnerability is also as easy as it gets when it comes to exploitation, requiring a cURL request and 29 letter "A" characters, as below:
>curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
Because of its simplicity and remote exploitation factor, the vulnerability — tracked as CVE-2017-12542 — received a severity score of 9.8 out of 10.