ZDI-23-1599: Hewlett Packard Enterprise OneView Backup Hard-coded Cryptographic Key Remote Code Execution Vulnerability | allinfosecnews.com

Nov. 14, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise OneView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2023-30912.

arbitrary code attackers authentication backup code code execution cryptographic cve cves cvss enterprise exploit hard hewlett packard hewlett packard enterprise key mechanism oneview rating remote code remote code execution vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-427: Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability 23 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +17

ZDI-24-426: Adobe Acrobat Reader DC AcroForm Use-After-Free Information Disclosure Vulnerability 23 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +19

ZDI-24-425: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 23 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-424: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 23 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-423: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 23 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-422: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability 23 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-421: SonicWALL GMS Virtual Appliance ECMClientAuthenticator Hard-Coded Credential Authentication Bypass Vulnerability 23 hours ago | www.zerodayinitiative.com

attackers authentication authentication bypass bypass +14

ZDI-24-420: SonicWALL GMS Virtual Appliance ECMPolicy XML External Entity Processing Information Disclosure Vulnerability 23 hours ago | www.zerodayinitiative.com

attackers authentication can cve +19

ZDI-24-419: (Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability 6 days, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +18

Cyber Security Engineer I

@ Fortress Security Risk Management | Cleveland, OH, United States

View on infosec-jobs.com

Senior DevSecOps Engineer

@ Wisk Aero | Remote United States

View on infosec-jobs.com

Vulnerable Adult Investigator - Vice President

@ JPMorgan Chase & Co. | Chicago, IL, United States

View on infosec-jobs.com

Consultant Réseaux IT Digital Impulse - H/F

@ Talan | Paris, France

View on infosec-jobs.com

DevSecOps Engineer (Onsite)

@ Accenture Federal Services | Arlington, VA

View on infosec-jobs.com

Senior Security Engineer

@ Minitab | State College, Pennsylvania, United States

View on infosec-jobs.com