Hewlett Packard Enterprise (HPE) has released a security bulletin, identified as “HPESBMU04573 rev.1,” addressing multiple vulnerabilities in the HPE Unified OSS Console. These vulnerabilities, documented under CVE-2022-24834, CVE-2023-32002, and CVE-2023-38552, have the potential to result in remote access restriction bypass, arbitrary code execution, authentication bypass, and compromise of system integrity.
The affected software versions are HPE Unified OSS Console (UOC) prior to v3.1.0. The Common Vulnerability Scoring System (CVSS) scores for these vulnerabilities range from 7.5 to 10.0, indicating their severity. HPE recommends users to take immediate action by updating their systems to the latest software version, UOC 3.1.0, to mitigate the identified vulnerabilities. The release date of this security bulletin is December 21, 2023, and the document emphasizes the urgency of acting upon the provided information promptly.
It further provides historical information, stating that this is the initial release of the security bulletin. The security bulletin also includes details on how HPE calculates the CVSS scores, providing references to version 3.1.1 and 2.0. Additionally, it highlights the potential security impact of the vulnerabilities, which could allow attackers to execute arbitrary code, bypass authentication, and compromise system integrity. The document concludes with contact information for support channels and reporting potential security vulnerabilities, emphasizing HPE’s commitment to addressing and resolving security issues in their products.
In summary, the security bulletin serves as a crucial resource for users of HPE Unified OSS Console, alerting them to the identified vulnerabilities and urging prompt action to update to the latest version for enhanced security. The inclusion of CVE details, CVSS scores, and recommended resolutions provides users with comprehensive information to assess and address the security risks associated with their systems.