Multiple Vulnerabilities in HP Intelligent Management Center (iMC) Could Allow for Arbitrary Code Execution.

ITS Advisory Number: 
2020-143
Date(s) Issued: 
Tuesday, October 20, 2020
Subject: 
Multiple Vulnerabilities in HP Intelligent Management Center (iMC) Could Allow for Arbitrary Code Execution.
Overview: 

Multiple vulnerabilities have been discovered in HP Intelligent Management Center (iMC), the most severe of which could allow for arbitrary code execution. HP Intelligent Management Center (iMC) is software platform used to manage enterprise network environments. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Attackers can exploit these issues to execute arbitrary code, gain elevated privileges, bypass certain security restrictions, perform unauthorized actions or cause denial-of-service. Other attacks are possible.

 

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected: 
  • Versions prior to HP Intelligent Management Center (iMC) PLAT 7.3
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
Low
Description: 

Multiple vulnerabilities have been discovered in HP Intelligent Management Center (iMC), the most severe of which could allow for arbitrary code execution. A full list of all vulnerabilities can be found at the link provided in the reference section of this advisory under HP.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Attackers can exploit these issues to execute arbitrary code, gain elevated privileges, bypass certain security restrictions, perform unauthorized actions or cause denial-of-service. Other attacks are possible.

Actions: 
  • After appropriate testing, immediately apply updates by HP Intelligent Management Center to vulnerable systems.

  • Restrict access to devices and applications from only authorized users and hosts.

  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

References: 

HP:
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=em...

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7195