CRITICAL🇵🇱 Wersja polska

CVE-2024-53676

CVSS 9.8v3.1pub. 2024-11-27upd. 2025-03-05

A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.

🤖 AI Analysis
How it works

The vulnerability consists of improper validation of file paths (path traversal, CWE-22), which allows an attacker to escape the allowed directory and gain access to arbitrary file system resources. Also classified as CWE-552 (Files or Directories Accessible to External Parties), suggesting the possibility of reading or writing system files through the network interface. Exploitation of the vulnerability does not require authentication or user interaction, and the attack can be conducted remotely over the network.

Impact

Successful exploitation of the vulnerability may lead to complete remote code execution (RCE) on the affected system, and consequently to takeover of server control, violation of data confidentiality and integrity, and disruption of service availability.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references — details in the official HPE bulletin: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us

Who is affected

HPE Insight Remote Support — versions specified in vendor references (HPE SBGN04731 document)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • HPE Insight Remote Support

    APP
    Hpe
    < 7.14.0.629
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2025-37099CRITICAL9.8PL ✓ten sam produkt

RCE w HPE Insight Remote Support — krytyczna podatność zdalna

CVE-2025-37097HIGH7.5ten sam produkt

A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial o...

CVE-2025-37098HIGH7.5ten sam produkt

A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.

CVE-2024-53674HIGH7.3ten sam produkt

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to d...

CVE-2024-53675HIGH7.3ten sam produkt

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to d...