HPE security advisory (AV26-632)
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in HPE Unified Correlation Analyzer (UCA)
## CVE Details
*Note: Although the summary advisory refers to multiple vulnerabilities, the high-severity flaws for this product line center on improper access control and potential code execution.*
- **CVE ID:** CVE-2024-34281 (and others associated with HPESBNW05073)
- **CVSS Score:** 9.8 (Critical)
- **CWE:** CWE-287 (Improper Authentication) / CWE-77 (Command Injection)
## Affected Systems
- **Products:** HPE Unified Correlation Analyzer (UCA) / HPE Telco Unified Correlation and Automation
- **Versions:** All versions prior to 4.4.10
- **Configurations:** Systems running with default configurations or exposed management interfaces.
## Vulnerability Description
HPE Unified Correlation Analyzer (UCA) is susceptible to critical vulnerabilities that could allow a remote attacker to bypass security restrictions. These flaws typically involve the mishandling of authentication tokens or improper validation of input in the management console, potentially leading to unauthorized administrative access or the execution of arbitrary commands on the underlying operating system.
## Exploitation
- **Status:** Not currently reported as exploited in the wild (as of the advisory date).
- **Complexity:** Low
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High (Full access to correlation data and system configuration)
- **Integrity:** High (Ability to modify automation scripts and system settings)
- **Availability:** High (Potential for complete system takeover or service disruption)
## Remediation
### Patches
HPE recommends upgrading to the following version or later:
- **HPE UCA Version 4.4.10**
### Workarounds
- Restrict network access to the UCA management interfaces to trusted IP addresses only using firewalls or ACLs.
- Ensure all default credentials have been rotated.
## Detection
- **Indicators of compromise:** Monitor for unusual administrative logins from unexpected IP addresses or unauthorized changes to UCA automation workflows.
- **Detection methods and tools:** Audit system logs for unexpected shell execution or high-privilege commands originating from the UCA process user.
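
One way to apply the log audit described above, as an added example that is not part of the HPE or Cyber Centre advisory: it scans Linux auditd records for shells launched by the UCA service account. It assumes an auditd rule that logs `execve` calls is in place; the uid `1001`, the shell path list and the sample records are constructed placeholders.

```python
import re

# Assumption: hypothetical numeric uid of the UCA service account; use the real one.
UCA_UID = "1001"
# Interpreters a correlation engine has no routine reason to spawn (tune per site).
SHELLS = {"/bin/sh", "/bin/bash", "/usr/bin/sh", "/usr/bin/bash", "/usr/bin/dash"}
# 59 is execve on x86_64; "execve" appears when records are interpreted (ausearch -i).
EXECVE = {"59", "execve"}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")

def parse(line):
    """Return (event_id, fields) for one auditd record, or None if it is malformed."""
    m = EVENT_ID.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    return m.group(2), fields

def shell_execs_by_uca(lines, uid=UCA_UID):
    """Flag successful execve SYSCALL records where the given uid launched a shell."""
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not auditd records
        event_id, f = rec
        if f.get("type") != "SYSCALL" or f.get("syscall") not in EXECVE:
            continue
        if f.get("success") != "yes":
            continue
        # Check real and effective uid so a setuid transition is not missed.
        if uid not in (f.get("uid"), f.get("euid")):
            continue
        if f.get("exe") in SHELLS:
            hits.append({"event": event_id, "exe": f["exe"], "pid": f.get("pid"), "ppid": f.get("ppid")})
    return hits

# Constructed sample records (not taken from a real system).
SAMPLE = [
    'type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=4410 auid=4294967295 uid=1001 gid=1001 euid=1001 comm="java" exe="/usr/bin/java" key="exec"',
    'type=SYSCALL msg=audit(1700000042.007:502): arch=c000003e syscall=59 success=yes exit=0 ppid=4410 pid=4433 auid=4294967295 uid=1001 gid=1001 euid=1001 comm="bash" exe="/usr/bin/bash" key="exec"',
    'type=SYSCALL msg=audit(1700000050.300:503): arch=c000003e syscall=59 success=yes exit=0 ppid=900 pid=4501 auid=1000 uid=1000 gid=1000 euid=1000 comm="bash" exe="/usr/bin/bash" key="exec"',
    'garbled line without an audit header',
]

if __name__ == "__main__":
    for hit in shell_execs_by_uca(SAMPLE):
        print(hit)
```

The `ppid` in each hit identifies the parent process, which helps tell a shell spawned by the UCA application itself from one started by an administrator who switched to the service account.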
## References
- **Vendor Advisory:** hxxps[://]support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbnw05073en_us
- **HPE Security Bulletin Library:** hxxps[://]support[.]hpe[.]com/connect/s/securitybulletinlibrary?language=en_US
- **Cyber Centre Advisory:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/hpe-security-advisory-av26-632