HP was notified of the issue in April, but it remains unfixed

Jun 11, 2013 09:09 GMT

The US Department of Homeland Security’s (DHS) Computer Emergency Readiness Team warns of the existence of three vulnerabilities in HP Insight Diagnostics. HP Insight Diagnostics 9.4.0.4710 and possibly even older versions of the software are impacted.

According to the CERT report, a combination of the vulnerabilities can be leveraged by a remote attacker to execute arbitrary commands with administrative privileges.

The three security holes – CVE-2013-3573, CVE-2013-3574 and CVE-2013-3575 – have been identified by Markus Wulftange from Daimler TSS.

The issues were reported to HP on April 5, 2013, but so far, they haven’t been addressed by the company.

CERT says it’s not aware of any workarounds for the problem. However, it advises HP Insight Diagnostics users to allow connections only from trusted networks and hosts to prevent potential attackers from connecting to the service.