HPE Insight Remote Support XXE (CVE-2024-53675)

Severity: High, Nessus Plugin ID: 232652

Synopsis

The remote support management software on the remote host is affected by an XML external entity (XXE) injection vulnerability.

Description

The HPE Insight Remote Support instance running on the remote host is affected by an XML external entity (XXE) injection vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to disclose information.

Solution

Apply updates in accordance with the vendor advisory.

See Also

http://www.nessus.org/u?d2e1aa3e

Plugin Details

Severity: High

ID: 232652

File Name: hpe_insight_remote_support_cve-2024-53675.nbin

Version: 1.1

Type: remote

Family: CGI abuses

Published: 3/12/2025

Updated: 3/12/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2024-53675

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/a:hpe:insight_remote_support

Required KB Items: installed_sw/HPE Insight Remote Support

Exploited by Nessus: true

Patch Publication Date: 11/22/2024

Vulnerability Publication Date: 11/22/2024

Reference Information

CVE: CVE-2024-53675