Warning: Critical and high-severity vulnerabilities in HPE Insight Remote Support can lead to remote code execution (RCE) and information disclosure, Patch Immediately!
- CVE-2024-53676 - 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVE-2024-53673 - 8.1 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVE-2024-11622 - 7.3 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
- CVE-2024-53674 - 7.3 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
- CVE-2024-53675 - 7.3 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Sources
Hewlett Packard Enterprise - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hp...
Risks
Hewlett Packard Enterprise's 'Insight Remote Support' is a software solution that enables reactive and proactive remote support to improve the availability of supported servers, storage and networking.
A critical and several high-severity vulnerabilities exist in its versions prior to v7.14.0.629. If left unpatched, affected installations are exposed to remote code execution (CVE-2024-53676 and CVE-2024-53673) and information disclosure (CVE-2024-11622, CVE-2024-53674, and CVE-2024-53675). Furthermore, exploitation of CVE-2024-53676 and CVE-2024-53673 could have a high impact on confidentiality, integrity and availability.
No information is currently available indicating that the vulnerabilities are being actively exploited.
As indicated above, the vulnerabilities have been addressed in software version v7.14.0.629.
Description
CVE-2024-53676 is a 'Files or Directories Accessible to External Parties' vulnerability, also known as 'Directory Traversal', while CVE-2024-53673 is a 'Deserialization of Untrusted Data' vulnerability (more specifically, a Java deserialization vulnerability). If exploited successfully, both vulnerabilities could allow an attacker to execute code remotely (RCE).
CVE-2024-11622, CVE-2024-53674, and CVE-2024-53675 are 'XML Injection' vulnerabilities, also known as 'Blind XPath Injection'. If exploited successfully, a remote attacker may be able to disclose information in certain cases.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
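An added example, not part of the CCB advisory or of HPE's own tooling: a small Python triage helper that compares the Insight Remote Support version reported by each host against the fixed release v7.14.0.629 and lists the advisory's CVEs for every host still below it. The hostnames and versions in the inventory are constructed sample data.

```python
"""Triage an Insight Remote Support inventory against the fixed release
named in the advisory (v7.14.0.629). All inventory data below is constructed."""
import re
from typing import Dict, List, Tuple

FIXED_VERSION = "v7.14.0.629"  # fixed release named in the advisory

# CVEs resolved by the fixed release, grouped by impact as the advisory states them
RCE_CVES = ("CVE-2024-53676", "CVE-2024-53673")
INFO_DISCLOSURE_CVES = ("CVE-2024-11622", "CVE-2024-53674", "CVE-2024-53675")

# Constructed sample inventory: (hostname, version string reported by the host)
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("irs-dc1.example.internal", "v7.9.0.1"),
    ("irs-dc2.example.internal", "v7.14.0.629"),
    ("irs-lab.example.internal", "7.13.0.120"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn 'v7.14.0.629' (or '7.14.0.629') into a tuple of integers so that
    comparison is component-wise. A plain string compare would wrongly rank
    '7.9.0.1' above '7.14.0.629' because the character '9' sorts after '1'."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build predates the fixed release.
    A shorter tuple such as (7, 14) compares below (7, 14, 0, 629), so an
    incomplete version string is flagged conservatively for manual review."""
    return parse_version(installed) < parse_version(fixed)


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each host that still needs the update to the CVEs it remains exposed to."""
    findings: Dict[str, List[str]] = {}
    for host, version in inventory:
        if is_vulnerable(version):
            findings[host] = list(RCE_CVES + INFO_DISCLOSURE_CVES)
    return findings


if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: update required, exposed to {', '.join(cves)}")
```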
Monitor/Detect
The CCB recommends that organizations step up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.
References
Hewlett Packard Enterprise - https://community.hpe.com/t5/insight-remote-support/bd-p/itrc-305