Remote Code Execution Vulnerability Affects HPE Insight Remote Support
CVE-2024-53676

9.8CRITICAL

Key Information:

Vendor: HP (HP)
Status: HP Insight Remote Support
Vendor: CVE Published:; 27 November 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

A directory traversal vulnerability exists within Hewlett Packard Enterprise Insight Remote Support software that could be exploited by an attacker to gain unauthorized access to the system. This flaw allows an adversary to craft a malicious input, potentially leading to the execution of arbitrary code on the affected system. Proper configuration and ongoing security updates are crucial for mitigating the risks associated with this vulnerability.

Affected Version(s)

HPE Insight Remote Support 0 < 7.14.0.629

News Articles

CybersecurityNews

CVE-2024-53676

HPE Remote Support Tool Vulnerability Let Attackers Execute Arbitrary code - PoC Released

A newly disclosed vulnerability in Hewlett Packard Enterprise's (HPE) Insight Remote Support tool enables unauthenticated attackers to execute arbitrary code on vulnerable systems, with proof-of-concept (PoC) exploit code now publicly available.

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale...

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Mar 5, 2025
📰
First article discovered by CybersecurityNews
Mar 5, 2025
Vulnerability published
Nov 27, 2024

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

HPE Remote Support Tool Vulnerability Let Attackers Execute Arbitrary code - PoC Released

References

EPSS Score

CVSS V3.1

Timeline