
Warning: Critical and high-severity vulnerabilities in HPE Insight Remote Support can lead to remote code execution (RCE) and information disclosure, Patch Immediately!

Reference: Advisory #2024-280
Version: 1.0
Affected software: HPE Insight Remote Support prior to v7.14.0.629
Type: Directory traversal, Java deserialization, and XML external entity injection (XXE)
CVE/CVSS: 
  • CVE-2024-53676 - 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • CVE-2024-53673 - 8.1 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • CVE-2024-11622 - 7.3 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  • CVE-2024-53674 - 7.3 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  • CVE-2024-53675 - 7.3 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Sources

Hewlett Packard Enterprise - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hp...

Risks

Hewlett Packard Enterprise's 'Insight Remote Support' is a software solution that enables reactive and proactive remote support to improve the availability of supported servers, storage and networking.

A critical and several high-severity vulnerabilities exist in its versions prior to v7.14.0.629. If left unpatched, affected devices are vulnerable to remote code execution (CVE-2024-53676 and CVE-2024-53673) and information disclosure (CVE-2024-11622, CVE-2024-53674, and CVE-2024-53675). Furthermore, exploitation of CVE-2024-53676 and CVE-2024-53673 could have a high impact on confidentiality, integrity and availability.

No information is available indicating that the vulnerabilities are being actively exploited.

As indicated above, the vulnerabilities have been addressed in software version v7.14.0.629.

Description

CVE-2024-53676 is a 'Files or Directories Accessible to External Parties' vulnerability, also known as 'Directory Traversal', while CVE-2024-53673 is a 'Deserialization of Untrusted Data' vulnerability (more specifically, a Java deserialization vulnerability). If exploited successfully, both vulnerabilities could allow an attacker to execute code remotely (RCE).

CVE-2024-11622, CVE-2024-53674, and CVE-2024-53675 are 'XML Injection' vulnerabilities, also known as 'Blind XPath Injection'. If exploited successfully, a remote attacker may be able to disclose information in certain cases.
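The three weakness classes named above each have a standard defensive control in Java. The following is an added example written for this advisory, not code from HPE or from Insight Remote Support, and it says nothing about how the product itself is implemented: it shows a containment check for client-supplied file names, a JEP 290 deserialization filter that only admits an explicit allow-list of classes, and a DOM parser configured to refuse DTDs and external entities. The class and field names (HardeningExamples, Report, BASE_DIR) and the base directory are hypothetical, and all inputs in main are constructed; ObjectInputFilter requires Java 9 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class HardeningExamples {

    // 1. Directory traversal: confine a client-supplied name to one base directory.
    //    BASE_DIR is a constructed placeholder, not a path used by any real product.
    static final Path BASE_DIR = Paths.get("/var/lib/example-app/uploads").toAbsolutePath().normalize();

    static Path resolveWithinBase(String clientSuppliedName) {
        // normalize() collapses "." and ".." before the containment check; an absolute
        // client path replaces BASE_DIR entirely in resolve(), so it is rejected as well.
        Path candidate = BASE_DIR.resolve(clientSuppliedName).normalize();
        if (!candidate.startsWith(BASE_DIR)) {
            throw new IllegalArgumentException("path escapes base directory: " + clientSuppliedName);
        }
        return candidate;
    }

    // 2. Java deserialization: admit only an explicit allow-list of classes (JEP 290 filter).
    static final class Report implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name;
        Report(String name) { this.name = name; }
    }

    static Object deserializeRestricted(byte[] data) throws IOException, ClassNotFoundException {
        // Allow Report and the JDK types its object graph needs; "!*" rejects every other class.
        // The depth and byte limits bound resource use even for allowed types.
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "HardeningExamples$Report;java.lang.String;maxdepth=5;maxbytes=65536;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(filter); // must be set before the first readObject()
            return in.readObject();
        }
    }

    // 3. XML external entities: refuse DTDs and external entity resolution outright.
    static Document parseXmlHardened(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder()
                  .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // All inputs below are constructed for the demonstration.
        System.out.println("resolved: " + resolveWithinBase("report-2024.txt"));
        try {
            resolveWithinBase("../../outside.txt");
        } catch (IllegalArgumentException e) {
            System.out.println("traversal rejected: " + e.getMessage());
        }

        Report r = (Report) deserializeRestricted(serialize(new Report("weekly")));
        System.out.println("deserialized: " + r.name);
        try {
            deserializeRestricted(serialize(new HashMap<String, String>())); // not on the allow-list
        } catch (InvalidClassException e) {
            System.out.println("deserialization rejected: " + e.getMessage());
        }

        Document doc = parseXmlHardened("<report><name>weekly</name></report>");
        System.out.println("parsed root: " + doc.getDocumentElement().getTagName());
        try {
            parseXmlHardened("<!DOCTYPE r SYSTEM \"http://example.invalid/r.dtd\"><r/>");
        } catch (SAXParseException e) {
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
    }

    private static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }
}
```

The same three controls can be verified on an existing code base by grepping for `Paths.get`/`new File` on request-derived strings without a `startsWith` containment check, `ObjectInputStream` instances with no filter (or no `jdk.serialFilter` system property), and `DocumentBuilderFactory`/`SAXParserFactory` instances created without the `disallow-doctype-decl` feature.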

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident.
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Hewlett Packard Enterprise - https://community.hpe.com/t5/insight-remote-support/bd-p/itrc-305