Remote Stored XSS Vulnerability in HPE KVM IP Console Switches
CVE-2020-24627

5.4MEDIUM

Key Information:

Vendor: HP
Status: HP Kvm Ip Console Switches
Vendor: CVE Published:; 2 October 2020

Summary

A remote stored XSS vulnerability exists in HPE's KVM IP Console Switches, allowing malicious actors to inject harmful scripts into the affected firmware. This can compromise sensitive user data and overall system integrity. Users running versions earlier than 2.8.3 are strongly advised to update their systems to mitigate this risk. For more information, please refer to the official documentation.

Affected Version(s)

HPE KVM IP Console Switches G2 4x1Ex32 Prior to 2.8.3

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 2, 2020
Vulnerability Reserved
Aug 25, 2020