It is currently 24-09-2017 15:07

HP fixed a number of vulnerabilities in the solution of HP vCAS

HP fixed a number of vulnerabilities in the solution of HP vCAS

by sigismund » 2016-08-31 15:21:13


Problems are contained in implementations of OpenSSH and lighttpd.


Hewlett Packard Enterprise (HPE) has released patches that fix a number of vulnerabilities in the solution HP Remote Device Access: Virtual Customer Access System (vCAS), is designed to provide remote support. Problems are contained in implementations of OpenSSH and lighttpd.

According to the warning of the manufacturer, the vulnerability CVE-2015-3200 affects lighttpd to version 1.4.36. The problem allows a remote user to bypass security restrictions. The vulnerability exists due to incorrect authentication of the input data. Remote attacker can inject third-party data to a log file.

CVE-2016-0777 and CVE-2016-0778 exist due to multiple bugs in OpenSSH and affect all versions up to 7.1p2. Problems enable you to uncover important data and bypass security restrictions.

According to experts from HP, all the above vulnerabilities can be remotely proekspluatirovat. An attacker could cause a denial of service, modify the data or to reveal important information.

Also available separate patches for the vCAS systems running on virtual machines, Oracle VirtualBox and VMware.
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5