Remote Code Injection in HPE KVM IP Console Switches
CVE-2020-24628

8.8HIGH

Key Information:

Vendor: HP
Status: HP Kvm Ip Console Switches
Vendor: CVE Published:; 2 October 2020

What is CVE-2020-24628?

A remote code injection vulnerability has been identified in the HPE KVM IP Console Switches, specifically impacting the G2 4x1Ex32 model prior to version 2.8.3. This vulnerability could allow attackers to execute arbitrary code remotely, posing significant risks to product integrity and user security. It is crucial for users to update their devices to the latest software version to mitigate these risks.

Affected Version(s)

HPE KVM IP Console Switches G2 4x1Ex32 Prior to 2.8.3

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2020
Vulnerability Reserved
Aug 25, 2020