A high-severity security vulnerability has been recently disclosed by Hewlett Packard Enterprise (HPE) in its IceWall products that could potentially allow remote attackers to cause unauthorized data modification.
The vulnerability, identified as CVE-2024-11856, affects multiple versions of HPE IceWall modules across various platforms.
The security flaw resides in the certd component of affected IceWall products. Exploiting this vulnerability could enable an attacker to repeatedly fail password attempts beyond the specified limit.
This breach in security controls could lead to unauthorized access and potential data manipulation.
Cybersecurity analysts at HPE observed the following products were affected:-
- IceWall Gen11 Enterprise Edition certd (RHEL 7, 8, 9 and Windows)
- IceWall Gen11 Standard Edition certd (RHEL 7, 8, 9 and Windows)
- IceWall SSO certd 10.0 (HP-UX)
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
Technical Analysis
HPE has rated the severity of this vulnerability as “High.” The Common Vulnerability Scoring System (CVSS) Version 3.1 base score for CVE-2024-11856 is 3.7, with the following vector:-
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
This score indicates that while the vulnerability is exploitable remotely, it requires a high level of attack complexity and only allows for low-impact unauthorized modifications without affecting data confidentiality or system availability.
To address this security issue, HPE has released updated modules for the affected IceWall products:-
- IceWall Gen11 certd Patch Release 14 for RHEL 7, 8 and 9
- IceWall Gen11 certd Patch Release 14 for Windows
- IceWall SSO 10.0 certd Patch Release 10 for HP-UX
HPE strongly recommends that customers apply these patches as soon as possible to mitigate the risk of potential attacks.
Organizations using HPE IceWall products should review their systems and implement the appropriate updates in accordance with their patch management policies.
Here below we have mentioned all the recommendations:-
- Identify all instances of affected HPE IceWall products in your environment.
- Download and apply the relevant patches provided by HPE.
- Conduct a thorough security assessment of systems that may have been exposed to this vulnerability.
- Monitor for any signs of unauthorized access or data modification.
- Review and strengthen access control policies and password management practices.
As with any security update, it is crucial for organizations to stay vigilant and promptly address vulnerabilities to maintain the integrity and security of their systems.
Analyse Advanced Malware & Phishing Analysis With ANY.RUN Black Friday Deals : Get up to 3 Free Licenses.