Multiple Vulnerabilities in HP Intelligent Management Center (iMC) Could Allow for Arbitrary Code Execution.

MS-ISAC ADVISORY NUMBER:

2020-143

DATE(S) ISSUED:

10/20/2020

OVERVIEW:

Multiple vulnerabilities have been discovered in HP Intelligent Management Center (iMC), the most severe of which could allow for arbitrary code execution. HP Intelligent Management Center (iMC) is a software platform used to manage enterprise network environments. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Attackers can exploit these issues to execute arbitrary code, gain elevated privileges, bypass certain security restrictions, perform unauthorized actions or cause denial-of-service. Other attacks are possible.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Versions prior to HP Intelligent Management Center (iMC) PLAT 7.3

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users: LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in HP Intelligent Management Center (iMC), the most severe of which could allow for arbitrary code execution. A full list of all vulnerabilities can be found at the link below:
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbnw04036en_us

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Attackers can exploit these issues to execute arbitrary code, gain elevated privileges, bypass certain security restrictions, perform unauthorized actions or cause denial-of-service. Other attacks are possible.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the appropriate updates provided by HP for Intelligent Management Center to vulnerable systems immediately after appropriate testing.
  • Restrict access to devices and applications to only authorized users and hosts.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7195
