Threat Update
Hewlett Packard (HP) provides many different technologies that are used at both a personal and a business level. A vulnerability was recently discovered in one of its commonly used tools, HPE Edgeline Infrastructure Manager. The vulnerability could allow attackers to bypass authentication and gain access to HPE Edgeline administrator accounts. This could allow attackers to do serious damage. SKOUT recommends that all HPE Edgeline users apply the security patches released by HP to prevent this vulnerability from being exploited.
Technical Detail & Additional Information
WHAT IS THE THREAT?
A remote authentication bypass vulnerability exists in HPE Edgeline Infrastructure Manager version 1.21. A flaw in the way HPE handles password resets for administrator accounts can potentially allow attackers to bypass authentication. When an account is used for the first time, the user will use a default password, and receive a link which can be used to set their actual password. This link has been found to be re-usable, and accessible to unauthenticated users.
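The weakness described above is a first-use password link that remains valid after it has been used. As an added illustration (generic code, not HPE's and not part of the original advisory), the sketch below shows a server-side store that makes such links single-use and time-limited; the class name, the 15-minute lifetime and the in-memory dictionary are assumptions made for the example.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime for this example


class ResetTokenStore:
    """Issues password-set links that expire and can be redeemed only once."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (username, expiry)

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username):
        # Invalidate any earlier link for the same account.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != username}
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (username, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return the username once for a valid token, otherwise None."""
        # pop() removes the entry before any other check, so a replay finds nothing.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        username, expiry = entry
        if self._clock() > expiry:
            return None
        return username


def demo():
    now = [1_000_000.0]  # constructed clock so the example is deterministic
    store = ResetTokenStore(clock=lambda: now[0])
    link = store.issue("admin")
    first = store.redeem(link)    # legitimate first use
    replay = store.redeem(link)   # same link presented again
    stale = store.issue("admin")
    now[0] += TOKEN_TTL_SECONDS + 1
    expired = store.redeem(stale)  # link presented after its lifetime
    return first, replay, expired
```

A reviewer testing a reset flow can use the same three cases as acceptance checks: first use succeeds, a replay fails, and an expired link fails.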
WHY IS IT NOTEWORTHY?
HPE Edgeline Infrastructure Manager is a service used by many organizations worldwide. It is used to manage, monitor, and secure all types of systems that may exist on a network. Organizations running version 1.21, which is vulnerable, could potentially be at great risk. In most cases, if an attacker could gain administrative privileges to an organization's Edgeline Infrastructure Manager, they could then infiltrate that organization's entire cloud infrastructure. This vulnerability could allow attackers to do a lot of damage if exploited.
WHAT IS THE EXPOSURE OR RISK?
If this vulnerability is exploited on a network, attackers could infiltrate an organization's entire infrastructure. It can be exploited remotely, after which attackers could do a lot of damage very quickly. An attacker with administrative access on one of these accounts could execute commands, escalate privileges, or even cause a denial of service. This could lead to data compromise and to companies being unable to conduct business the way that they need to. The risk is high with this vulnerability, and security patches should be applied immediately by all who are running HPE Edgeline Infrastructure Manager version 1.21.
WHAT ARE THE RECOMMENDATIONS?
Luckily, HP has released a patch for this issue. The patch is applied simply by updating any instance of HPE Edgeline Infrastructure Manager to version 1.22 or later. SKOUT recommends that these updates be applied ASAP so the proper patches can take effect.
REFERENCES
For more in-depth information about the recommendations, please visit the following links:
- https://securityaffairs.co/wordpress/117513/security/hpe-edgeline-infrastructure-manager-flaw.html
If you have any questions, please contact our Security Operations Center.