Reference: Advisory #2024-280
Version: 1.0
Affected software: HPE Insight Remote Support prior to v7.14.0.629
Type: Directory traversal, Java deserialization, and XML external entity injection (XXE)
CVE/CVSS:
Hewlett Packard Enterprise - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us
Hewlett Packard Enterprise's 'Insight Remote Support' is a software solution that enables reactive and proactive remote support to improve the availability of supported servers, storage and networking.
A critical and several high-severity vulnerabilities exist in its versions prior to v7.14.0.629. If left unpatched, affected devices are vulnerable to remote code execution (CVE-2024-53676 and CVE-2024-53673) and information disclosure (CVE-2024-11622, CVE-2024-53674, and CVE-2024-53675). Furthermore, exploitation of CVE-2024-53676 and CVE-2024-53673 could have a high impact on confidentiality, integrity and availability.
No information is available that the vulnerabilities are being actively exploited.
As indicated above, the vulnerabilities have been addressed in software version v7.14.0.629.
CVE-2024-53676 is a 'Files or Directories Accessible to External Parties' type vulnerability, also known as 'Directory Traversal', while CVE-2024-53673 is a 'Deserialization of Untrusted Data' type vulnerability (more specifically, a Java deserialization vulnerability). If exploited successfully, both vulnerabilities could allow an attacker to execute code remotely (RCE).
CVE-2024-11622, CVE-2024-53674, and CVE-2024-53675 are 'XML Injection' type vulnerabilities, also known as 'Blind XPath Injection'. If exploited successfully, a remote attacker may be able to disclose information in certain cases.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
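To act on the affected-version line above, a defender first needs to know which Insight Remote Support installations are still below v7.14.0.629. The following is an added example (not CCB or HPE code) that parses version strings, compares them component-wise against the first fixed release, and flags hosts that need the update; the hostnames and versions in it are constructed.

```python
"""Determine whether an installed HPE Insight Remote Support version falls in the
advisory's affected range (anything prior to v7.14.0.629) and list the hosts
that still need the update. Added example; not CCB or HPE code."""
import re
from typing import Tuple

FIXED_VERSION = "v7.14.0.629"  # first fixed release named in the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'v7.14.0.629' (or '7.14.0.629') into a tuple of ints.
    Raises ValueError on anything that is not dotted integers, so a malformed
    inventory entry is reported rather than silently treated as patched."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if `installed` is strictly lower than `fixed`.
    Components compare numerically (7.9 < 7.14, unlike a string compare) and
    shorter tuples are right-padded with zeros so '7.14' equals '7.14.0.0'."""
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def triage(inventory):
    """Return the (host, version) pairs from `inventory` that still need the patch.
    Unparseable versions are included and flagged (fail closed)."""
    needs_patch = []
    for host, version in inventory:
        try:
            if is_affected(version):
                needs_patch.append((host, version))
        except ValueError:
            needs_patch.append((host, f"unparseable:{version}"))
    return needs_patch


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [("irs-01", "v7.13.0.512"), ("irs-02", "7.14.0.629"),
              ("irs-03", "7.14.1"), ("irs-04", "7.9.0.100"), ("irs-05", "n/a")]
    for host, version in triage(sample):
        print(f"{host}: {version} -> update to {FIXED_VERSION}")
```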
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
Hewlett Packard Enterprise - https://community.hpe.com/t5/insight-remote-support/bd-p/itrc-305