Remote Code Execution Vulnerability Affects HPE Insight Remote Support
CVE-2024-53676

9.8CRITICAL

Key Information:

Vendor: HP
Status: HP Insight Remote Support
Vendor: CVE Published:; 27 November 2024

Summary

A directory traversal vulnerability exists within Hewlett Packard Enterprise Insight Remote Support software that could be exploited by an attacker to gain unauthorized access to the system. This flaw allows an adversary to craft a malicious input, potentially leading to the execution of arbitrary code on the affected system. Proper configuration and ongoing security updates are crucial for mitigating the risks associated with this vulnerability.

Affected Version(s)

HPE Insight Remote Support 0 < 7.14.0.629

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 27, 2024