Multiple Vulnerabilities in HP Intelligent Management Center (iMC) Could Allow for Arbitrary Code Execution.
by CIRT Team
DESCRIPTION
Multiple vulnerabilities have been discovered in HP Intelligent Management Center (iMC), the most severe of which could allow for arbitrary code execution. HP Intelligent Management Center (iMC) is software platform used to manage enterprise network environments. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Attackers can exploit these issues to execute arbitrary code, gain elevated privileges, bypass certain security restrictions, perform unauthorized actions or cause denial-of-service. Other attacks are possible.
IMPACT
Multiple vulnerabilities have been discovered in HP Intelligent Management Center (iMC), the most severe of which could allow for arbitrary code execution. A full list of all vulnerabilities can be found at the link below: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Attackers can exploit these issues to execute arbitrary code, gain elevated privileges, bypass certain security restrictions, perform unauthorized actions or cause denial-of-service. Other attacks are possible.
SYSTEM AFFECTED
• Versions prior to HP Intelligent Management Center (iMC) PLAT 7.3
RECOMMENDATIONS
Following actions are recommended to be taken:
• Apply appropriate updates by HP Intelligent Management Center to vulnerable systems, immediately after appropriate testing.
• Restrict access to devices and applications from only authorized users and hosts.
• Remind users not to visit websites or follow links provided by unknown or untrusted sources.
• Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
• Apply the Principle of Least Privilege to all systems and services.
REFERENCES
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-hp-intelligent-management-center-imc-could-allow-for-arbitrary-code-execution_2020-143/
Recommended Posts
Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh
06 Nov 2024 - Security Advisories & Alerts