HPE Insight Remote Support: Monitoring software enables code smuggling

Some critical vulnerabilities in the free HPE Insight Remote Support monitoring software allow malicious code to be infiltrated.

Burning laptop in front of servers that monitor the laptop

(Image: created with AI in Bing Image Creator by heise online / dmk)


The HPE Insight Remote Support monitoring software offered free of charge by HPE is vulnerable to the infiltration of malicious code. The manufacturer also warns of further vulnerabilities in the software.

In its security announcement, HPE stays very vague about the vulnerabilities. The manufacturer rates the urgency as "high" and describes the effects as remote code execution, directory traversal and information leakage. The most serious is a directory traversal vulnerability in the software that allows attackers to smuggle in and execute arbitrary code (CVE-2024-53676, CVSS 9.8, risk "critical").

HPE does not provide more detailed information on the vulnerability. It remains unclear how attackers can exploit it, how attacks can be detected or what possible temporary countermeasures would be. Another vulnerability concerns the deserialization of data in Java, which allows unauthenticated attackers to inject code (CVE-2024-53673, CVSS 8.1, high). HPE does not provide any further helpful information here either.


Three further vulnerabilities (CVE-2024-11622, CVE-2024-53674, CVE-2024-53675) also receive a high risk rating, each with a CVSS value of 7.3. All versions of HPE Insight Remote Support before the now released version 7.14.0.629 are affected. Admins who run the software in their network should install this or a newer version promptly to reduce the attack surface in their network.
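The only concrete mitigation the advisory gives is the version threshold, so the practical check is "is every installed instance at 7.14.0.629 or newer?". The following script is an added example, not code from the article or from HPE: it compares dotted version strings numerically (a plain string comparison would wrongly rank 7.9 above 7.14) and triages a constructed inventory of hosts against the fixed version named above. The host names, versions and the `triage` helper are assumptions made for the example.

```python
"""Added example: flag HPE Insight Remote Support installs that are older than
the fixed release named in the advisory (7.14.0.629).
Not part of the original article or of HPE's own tooling."""

import re
from typing import Dict, Tuple

# Fixed version named in the article; everything older is affected.
FIXED_VERSION = "7.14.0.629"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version string such as '7.13.2.41' into a tuple of ints.

    Comparing the raw strings would be wrong: '7.9.0.1' sorts after
    '7.14.0.629' lexically, yet 7.9 is older than 7.14. Tuples of ints
    compare component by component, numerically.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """Return True if `installed` is older than `fixed`.

    Shorter versions are padded with zeros so that '7.14' == '7.14.0.0'.
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'update required' or 'ok' for an inventory of
    {host: installed_version} pairs (e.g. exported from an asset database)."""
    return {
        host: ("update required" if is_affected(ver) else "ok")
        for host, ver in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = {
        "irs-dc1.example.internal": "7.13.0.500",
        "irs-dc2.example.internal": "7.14.0.629",
        "irs-lab.example.internal": "7.9.0.1",
        "irs-new.example.internal": "7.15",
    }
    for host, status in triage(sample).items():
        print(f"{host:28} {sample[host]:>12}  {status}")
```

Feed `triage` the real host-to-version mapping from your asset inventory; any host reported as "update required" should be upgraded to 7.14.0.629 or later.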

HPE Insight Remote Support is monitoring software that HPE customers can install in their network free of charge. It collects information from HPE servers and devices and shares it with HPE Support. If problems occur with the devices, technical support can react at an early stage and initiate solutions.

Network monitoring software repeatedly turns out to have security vulnerabilities. About two weeks ago, for example, Icinga had to close a critical vulnerability in certificate verification that allowed attackers to impersonate trusted cluster nodes and API users and inject commands.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.