Security News > 2021 > May > Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool
Hewlett Packard Enterprise is urging customers to patch one of its premier edge application management tools that could allow an attacker to carry out a remote authentication bypass attack and infiltrate a customer's cloud infrastructure.
Rated critical, with a CVSS score of 9.8, the bug impacts all versions of HPE's Edgeline Infrastructure Manager prior to version 1.21.
Users are urged to update to HPE EIM v1.22 or later to fix the bug.
Researchers at Tenable first identified the vulnerability in late January, notifying HPE on February 1 of the critical bug.
More than a dozen versions of software are impacted, running on operating systems ranging from CentOS 7, Red Hat Enterprise Linux, SUSE and multiple versions of Windows, according to HPE. "A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration," wrote HPE Product Security Response Team in a security bulletin posted Friday.
From the time Tenable researchers brought the bug to HPE's attention and the deployed fix 87 days had elapsed, according to the Tenable.
News URL
https://threatpost.com/hewlett-packard-critical-bug-edge/165797/