Summary: Security researcher Robin has revealed details about a critical vulnerability (CVE-2024-53676) in Hewlett Packard Enterprise Insight Remote Support, which could allow remote code execution through directory traversal. The flaw has a CVSS score of 9.8 and permits unauthenticated attackers to upload malicious files to vulnerable systems. HPE has released an urgent update to address this security issue.
Affected: Hewlett Packard Enterprise Insight Remote Support (Insight RS)
Keypoints:
- Vulnerability allows unauthenticated remote attackers to execute arbitrary code.
- Flaw involves improper path validation in the process of handling attachments.
- Exploitation requires a valid device ID and registration token, but an attacker who obtains those credentials can fully exploit the flaw.
- HPE released an update (v7.14.0.629) to mitigate the risks associated with this vulnerability.
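The flaw class behind this advisory is improper path validation in attachment handling: a client-supplied file name is joined to a storage directory without checks, so `../` segments or absolute paths place the written file outside the intended directory. The snippet below is an added defender's illustration of that pattern and its hardened counterpart; it is not HPE's code and says nothing about Insight RS internals. The attachment root and the sample file names are constructed for the demonstration.

```python
import os

# Constructed example: the directory an application intends to store attachments in.
ATTACHMENT_ROOT = "/var/lib/example-app/attachments"

# Constructed sample names of the kind an upload handler might receive.
SAMPLE_NAMES = [
    "report-2024.log",          # ordinary file name, should be accepted
    "../../../tmp/evil.txt",    # traversal via parent-directory segments
    "/etc/passwd",              # absolute path replaces the root on join
    "..",                       # reserved name
    "",                         # empty name
    "nested/dir/file.txt",      # separators smuggle in sub-paths
]


def unsafe_attachment_path(root: str, filename: str) -> str:
    """Vulnerable pattern: the name is joined to the root with no validation.

    os.path.join discards the root when the name is absolute, and normpath
    happily walks upward through '..' segments, so the result can land anywhere
    on the filesystem.
    """
    return os.path.normpath(os.path.join(root, filename))


def safe_attachment_path(root: str, filename: str) -> str:
    """Hardened pattern: accept only a single plain file name, then confirm the
    resolved location is still inside the attachment root.

    Validate the value exactly as the filesystem will see it, i.e. after the
    web framework has already URL-decoded it; do not decode again here.
    """
    if not filename or filename in (".", ".."):
        raise ValueError("empty or reserved file name")
    # Reject both separator styles and NUL up front rather than relying on
    # normalisation alone; this also blocks absolute paths.
    if any(ch in filename for ch in ("/", "\\", "\0")):
        raise ValueError("path separators are not allowed in attachment names")
    candidate = os.path.normpath(os.path.join(root, filename))
    root_norm = os.path.normpath(root)
    # Defence in depth: even a name that passed the checks above must resolve
    # to a child of the root, never to the root itself or outside it.
    if os.path.dirname(candidate) != root_norm:
        raise ValueError("resolved path escapes the attachment root")
    return candidate


def check_attachment_names(names, root: str = ATTACHMENT_ROOT) -> dict:
    """Run each sample name through the hardened check and report the outcome,
    so the difference between the two patterns is visible side by side."""
    results = {}
    for name in names:
        try:
            safe_attachment_path(root, name)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(f"{name!r:28} unsafe -> {unsafe_attachment_path(ATTACHMENT_ROOT, name)}")
    for name, verdict in check_attachment_names(SAMPLE_NAMES).items():
        print(f"{name!r:28} safe   -> {verdict}")
```

The `unsafe_attachment_path` output for the traversal and absolute-path samples shows why a CVSS 9.8 rating follows from a file-write primitive: the write lands wherever the name points. The hardened version treats the name as an opaque label, not a path, and the final `dirname` comparison catches anything the character checks might miss.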
Source: https://securityonline.info/hpe-insight-rs-flaw-cve-2024-53676-poc-exploit-published-rce-risk-looms/