Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool

by | May 4, 2021

Reading Time: 1 Minute

Hewlett Packard Enterprise (HPE) is urging customers to patch one of its premier edge application management tools that could allow an attacker to carry out a remote authentication bypass attack and infiltrate a customer’s cloud infrastructure.

 

 

 

Rated critical, with a CVSS score of 9.8, the bug impacts all versions of HPE’s Edgeline Infrastructure Manager (EIM) prior to version 1.21. EIM is the company’s two-year-old edge computing-management suite. Users are urged to update to HPE EIM v1.22 or later to fix the bug.

Researchers at Tenable first identified the vulnerability (CVE-2021-29203) in late January, notifying HPE on February 1 of the critical bug. HPE released fixes for bug on Thursday. More than a dozen versions of software are impacted, running on operating systems ranging from CentOS 7, Red Hat Enterprise Linux, SUSE and multiple versions of Windows, according to HPE.

“A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration,” wrote HPE Product Security Response Team in a security bulletin posted Friday.

 

 

See Also: Chinese hackers targeting Russian nuclear submarine design firm with PortDoor malware

 

 

What’s Behind HPE’s Critical Bug?

 

According to Tenable, the remote authentication-bypass vulnerability is tied to an issue related to how HPE handles password resets for administrator accounts.

“When [a] user logs in to the web application for the first time with the default password for the existing Administrator account, the user is prompted to change the password for the account. The password change is carried out by sending a request to URL /redfish/v1/SessionService/ResetPassword/1. However, after the password change, an unauthenticated remote attacker can use the same URL to reset the password for the Administrator account,” Tenable wrote.

All an attacker has to do next is login to the web application with the updated admin password “by sending a request to URL /redfish/v1/SessionService/Sessions,” Tenable explained.

 

 

See Also: Offensive Security Tool: SSHPry2.0

 

 

From there, researchers said the adversary can then change the password of the “OS root account by sending a request to URL /redfish/v1/AccountService/Accounts/1. This allows the attacker to SSH to the EIM host as root.”

SSH stands for Secure Shell or Secure Socket Shell and is a network protocol that is most often used by system administrators for remote command-line requests, system logins and also for remote command execution.

 

 

 

See Also: Hacking Stories: Xbox Underground

 

 

Tenable posted a proof of concept of the attack. From the time Tenable researchers brought the bug to HPE’s attention and the deployed fix 87 days had elapsed, according to the Tenable.

 

 

 

Source: threatpost.com

 

 

(Click Link)

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!


Information Security Solutions

Find out how Pentesting Services can help you.


Join our Community

Share This