Cybersecurity specialists reported the detection of an improper authentication vulnerability in HPE StoreServ Management Console, from HP tech company. It appears that exploiting this flaw would allow threat actors to evade security controls on the affected deployment.
HPE SSMC is the Management and Reporting Console for HPE Primera Data Center Arrays (Data Warehouse for Mission-Critical Applications) and HPE 3PAR StoreServ Systems (AI Cloud Storage Providers).
Tracked as CVE-2020-7197, this failure allows a remote attacker to elude the authentication process. The vulnerability exists due to an error processing authentication requests in HPE 3PAR StoreServ Management and Core Software Media. A remote attacker can bypass the authentication process and gain unauthorized access to the application.
Hewlett Packard Enterprise (HPE) has resolved a critical remote authentication bypass vulnerability (CVE-2020-7197) in HPE StoreServ Management Console (SSMC) data center storage management solutions.
The Fixed Remote Authentication Bypass vulnerability affects HPE 3PAR StoreServ Management and Core Software Media versions 184.108.40.206 and later. The problem achieved a maximum of 10 on the CVSS scale, and its exploitation allows non privileged attackers to exploit it in low-complexity attacks that do not require user interaction.
Users are strongly encouraged to upgrade HPE 3PAR StoreServ Management Console (SSMC) to version 220.127.116.11 or earlier.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.