A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
The vulnerability is classified as CWE-94 (Improper Control of Generation of Code) and indicates the possibility of code injection or manipulation of code executed by the application. An attacker can send specially crafted requests to the IRS system without the need for authentication, which leads to arbitrary code execution on the server side. The network vector (AV:N) with no privilege requirements (PR:N) and user interaction (UI:N) means full remote exploitation.
Successful exploitation allows an attacker to gain full system control — violation of confidentiality, integrity, and availability of data and services. The attacker can gain unauthorized access to sensitive information managed by IRS, modify configuration, or completely disable the service.
HPE Insight Remote Support must be immediately updated to version v7.15.0.646 or later. Detailed update instructions are available in the official HPE security bulletin at: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04878en_us&docLocale=en_US
HPE Insight Remote Support (IRS) in all versions earlier than v7.15.0.646
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHPE Insight Remote Support
APPHpe< 7.15.0.646
Related vulnerabilities
Path Traversal w HPE Insight Remote Support umożliwiający RCE
A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial o...
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to d...
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to d...