A newly disclosed vulnerability in Hewlett Packard Enterprise’s (HPE) Insight Remote Support tool enables unauthenticated attackers to execute arbitrary code on vulnerable systems, with proof-of-concept (PoC) exploit code now publicly available.
Tracked as CVE-2024-53676, this critical remote code execution (RCE) flaw stems from improper validation of user-supplied file paths in the tool’s file upload functionality, allowing attackers to overwrite system files and deploy malicious payloads with SYSTEM-level privileges.
https://cybersecuritynews.com/hpe-remot ... erability/
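
The flaw class described above (a client-supplied upload path used without validation) can be illustrated with the following added example, which is not HPE's code and not the published PoC. It contrasts an unchecked join with a bare-file-name check on Windows paths; `UPLOAD_ROOT`, the function names and the sample names are assumptions constructed for illustration.

```python
import ntpath
from pathlib import PureWindowsPath

# Assumed upload root, for illustration only (not a path from the product).
UPLOAD_ROOT = PureWindowsPath(r"C:\example\uploads")
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}

class UnsafeUploadPath(ValueError):
    """Raised when a client-supplied name could leave UPLOAD_ROOT."""

def naive_target(client_name: str) -> PureWindowsPath:
    """Flawed pattern: join the client-supplied name to the root unchecked."""
    return PureWindowsPath(ntpath.normpath(str(UPLOAD_ROOT / client_name)))

def safe_target(client_name: str) -> PureWindowsPath:
    """Accept a bare file name only, then confirm containment."""
    if not client_name or "\x00" in client_name or ":" in client_name:
        raise UnsafeUploadPath("empty name, NUL byte, or drive/stream colon")
    candidate = PureWindowsPath(client_name)  # parses both '\' and '/'
    if candidate.anchor or len(candidate.parts) != 1 or candidate.name == "..":
        raise UnsafeUploadPath("directory components are not allowed")
    if client_name[-1] in ". " or candidate.name.split(".")[0].upper() in RESERVED:
        raise UnsafeUploadPath("trailing dot/space or reserved device name")
    target = PureWindowsPath(ntpath.normpath(str(UPLOAD_ROOT / candidate.name)))
    if target.parent != UPLOAD_ROOT:  # defence in depth after normalisation
        raise UnsafeUploadPath("resolved path is outside the upload root")
    return target

def is_accepted(client_name: str) -> bool:
    """True when safe_target() would store the upload under UPLOAD_ROOT."""
    try:
        safe_target(client_name)
        return True
    except UnsafeUploadPath:
        return False

# Constructed sample names: one benign, the rest must be rejected.
SAMPLES = [
    "report.xml", r"..\..\other\report.xml", "../../other/report.xml",
    r"D:\other\report.xml", r"\other\report.xml", r"\\host\share\report.xml",
    "C:report.xml", "report.xml:stream", "..", ".", "NUL", "nul.txt",
    "report.xml.",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:30} naive={naive_target(name)} accepted={is_accepted(name)}")
```

The check is lexical only; a service that writes the file should also run under an account that cannot write outside its own upload directory.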