HPE security advisory (AV26-150)
# Vulnerability: Multiple Flaws in HPE Telco and SimpliVity Products (AV26-150)
## CVE Details
*Note: Specific individual CVSS scores for all nested Intel-SA vulnerabilities are summarized by the vendor under high-level advisories.*
* **CVE ID:** CVE-2024-25733 (HPE Telco Service Orchestrator), CVE-2026-XXXXX (Internal Intel/HPE UEFI references)
* **CVSS Score:** Range from 6.7 to 8.2 (High)
* **CWE:** CWE-20 (Improper Input Validation), CWE-1321 (Prototype Pollution), CWE-287 (Improper Authentication)
## Affected Systems
* **Products:**
    * HPE Telco Service Activator
    * HPE SimpliVity 380 Servers (Gen10 and Gen11)
    * HPE Telco Service Orchestrator
* **Versions:**
    * Telco Service Activator: Versions prior to 10.5.0
    * SimpliVity 380: Versions prior to SimpliVity Support Pack (SVTSP) Gen10/Gen11
    * Telco Service Orchestrator: Versions prior to v5.5.0
* **Configurations:** Systems using Intel Processor BIOS/UEFI Reference Firmware (2025.3 IPU) are specifically covered by the SimpliVity advisory.
## Vulnerability Description
This advisory covers three distinct types of security flaws across the HPE portfolio:
1. **Improper Input Validation:** Found in Telco Service Activator, allowing potentially malicious inputs to bypass security checks.
2. **Prototype Pollution:** Found in Telco Service Orchestrator, where an attacker can modify the prototype of an object, leading to potential Remote Code Execution (RCE) or Denial of Service (DoS).
3. **UEFI/BIOS Vulnerabilities (INTEL-SA-01234):** A collection of firmware-level vulnerabilities in SimpliVity servers that could allow for escalation of privilege, information disclosure, or DoS at the pre-boot level.
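
To make the prototype pollution class in item 2 (CWE-1321) concrete, here is an added example, not HPE code and not taken from the advisory: a naive recursive merge next to a hardened one. The function names and the JSON input are hypothetical and constructed for illustration.

```javascript
// Added illustration of CWE-1321 (prototype pollution); not vendor code.
// Keys that reach an object's prototype chain and must never be merged.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Naive deep merge: follows every key, so "__proto__" walks into Object.prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened deep merge: skips prototype-reaching keys and only recurses into
// properties the target itself owns, creating prototype-less containers.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const owned = Object.prototype.hasOwnProperty.call(target, key);
      if (!owned || typeof target[key] !== 'object' || target[key] === null) {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs both merges over the same constructed request body and reports the effect.
function demo() {
  const body = '{"settings":{"theme":"dark"},"__proto__":{"polluted":true}}';
  const results = {};
  unsafeMerge({}, JSON.parse(body));
  results.unsafePolluted = ({}).polluted === true; // every object now inherits it
  delete Object.prototype.polluted;                // undo the pollution
  const merged = safeMerge({}, JSON.parse(body));
  results.safePolluted = ({}).polluted === true;
  results.safeTheme = merged.settings.theme;       // legitimate data still merged
  return results;
}

console.log(demo());
```
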
## Exploitation
* **Status:** Not exploited (No known active exploitation in the wild at time of report).
* **Complexity:** Medium to High (Firmware exploitation requires specific hardware access or persistence).
* **Attack Vector:** Network (Telco Software) / Local/Adjacent (SimpliVity UEFI).
## Impact
* **Confidentiality:** High (Potential for unauthorized data access and firmware memory dumping).
* **Integrity:** High (Potential for system settings modification and prototype pollution).
* **Availability:** High (Risk of system crashes or permanent denial of service via firmware corruption).
## Remediation
### Patches
* **HPE Telco Service Activator:** Upgrade to **version 10.5.0** or later.
* **HPE Telco Service Orchestrator:** Upgrade to **version 5.5.0** or later.
* **HPE SimpliVity 380:** Apply **SimpliVity Support Pack (SVTSP) Gen10 or Gen11** as applicable to the hardware generation.
### Workarounds
* Ensure rigorous network segmentation for Telco Service Activator/Orchestrator management interfaces.
* Restrict physical and administrative access to SimpliVity server consoles to prevent unauthorized BIOS/UEFI interaction.
## Detection
* **Indicators of Compromise:** Unusual configuration changes in Telco Orchestrator; unexpected reboots or unauthorized UEFI setting modifications.
* **Detection methods:** Use HPE iLO (Integrated Lights-Out) logs to monitor for unauthorized firmware update attempts or changes to the secure boot configuration.
## References
* [HPE Security Advisory - Telco Service Activator] hxxps[:]//support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbnw05011en_us
* [HPE Security Advisory - SimpliVity Intel IPU] hxxps[:]//support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbhf04967en_us
* [HPE Security Advisory - Telco Service Orchestrator] hxxps[:]//support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbnw04983en_us
* [Canadian Centre for Cyber Security] hxxps[:]//www[.]cyber[.]gc[.]ca/en/alerts-advisories/hpe-security-advisory-av26-150