A critical vulnerability, CVE-2024-13804, was discovered in HPE's Insight Cluster Management Utility (CMU) v8.2. It allows unauthenticated attackers to execute commands with root privileges on affected servers. The flaw stems from authorization checks that are performed on the client side without proper validation on the server side. This high-severity issue is particularly concerning because the CMU software is End-of-Life and will not receive any further security updates. Organizations using the vulnerable software face a significant risk and must rely on network-level isolation to mitigate potential exploits. Successful exploitation could give an attacker complete control of the system and, with it, unprecedented access to the sensitive computing environments managed by the CMU. The lapse in timely disclosure and patching of the vulnerability underscores systemic challenges in the vulnerability disclosure process.
Source: https://cybersecuritynews.com/hewlett-packard-rce-vulnerability/
"id": "hpe317033125",
"linkid": "hpe",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"