Lucene search
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)ZDI-23-1599HistoryNov 14, 2023 - 12:00 a.m.
Hewlett Packard Enterprise OneView Backup Hard-coded Cryptographic Key Remote Code Execution Vulnerability
2023-11-1400:00:00
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)
www.zerodayinitiative.com
4
hewlett packard enterprise
oneview
backup functionality
cryptographic key
remote code execution
authentication bypass
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise OneView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Backup functionality. The issue results from the productβs use of a hard-coded cryptographic key. An attacker can leverage this vulnerability to execute code in the context of root.
Related
prion
prion
Remote code execution
2023-10-25 18:17:00
nvd
nvd
CVE-2023-30912
2023-10-25 18:17:27
cve
cve
CVE-2023-30912
2023-10-25 18:17:27
cvelist
cvelist
CVE-2023-30912
2023-10-25 14:39:54