CVE-2020-24626

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to perform directory traversal attacks via the ReceiverServlet class in HPE Pay Per Use Utility Computing Service Meter. Successful exploitation can lead to arbitrary remote code execution. Organizations using HPE PPU UCS Meter version 1.9 are affected.

💻 Affected Systems

Products:
  • HPE Pay Per Use Utility Computing Service Meter
Versions: Version 1.9
Operating Systems: Not specified in advisory
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of the ReceiverServlet component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the server, potentially leading to data theft, ransomware deployment, or use as a foothold for lateral movement.

🟠 Likely Case

Remote code execution allowing attackers to install malware, exfiltrate sensitive data, or disrupt metering operations.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication, and escalating directory traversal to RCE is typically straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.0 or later

Vendor Advisory: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04037en_us

Restart Required: Yes

Instructions:

1. Download the updated version from the HPE support portal.
2. Back up the current configuration.
3. Install the updated version following HPE documentation.
4. Restart the service.

🔧 Temporary Workarounds

Network Access Restriction

Restrict network access to the ReceiverServlet endpoint to trusted IP addresses only.

Use firewall rules to limit access to the service port (typically 8080/8443) to authorized management networks.

Authentication Enforcement

Implement authentication before the vulnerable endpoint if possible.

Configure web server or application firewall to require authentication for /ReceiverServlet paths.

🧯 If You Can't Patch

  • Isolate the system in a restricted network segment with no internet access.
  • Implement strict network monitoring and intrusion detection for the service.

🔍 How to Verify

Check if Vulnerable:

Check the installed version of HPE PPU UCS Meter. If the version is 1.9, the system is vulnerable.

Check Version:

Check the application interface or configuration files for version information.

Verify Fix Applied:

Verify the installed version is 2.0 or later and test that directory traversal attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path patterns in ReceiverServlet access logs
  • Multiple failed directory traversal attempts
  • Unexpected process execution from the service account

Network Indicators:

  • HTTP requests to ReceiverServlet with ../ patterns in parameters
  • Unusual outbound connections from the meter service

SIEM Query:

source="*meter*" AND (uri="*ReceiverServlet*" AND (param="*../*" OR param="*..\\*"))
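As an added example (not part of the advisory), the following Python check implements the idea behind the SIEM query over constructed access-log lines, and also catches percent-encoded and double-encoded traversal sequences that a literal `*../*` match would miss. The log format, the `file=` parameter name and all addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from any real system). The format is
# assumed to be common-log style: IP - - [timestamp] "METHOD PATH PROTO" status
SAMPLE_LOG = """\
10.0.0.5 - - [01/Sep/2020:10:00:01 +0000] "POST /ReceiverServlet?file=report.xml HTTP/1.1" 200
10.0.0.9 - - [01/Sep/2020:10:00:07 +0000] "POST /ReceiverServlet?file=../../etc/passwd HTTP/1.1" 200
10.0.0.9 - - [01/Sep/2020:10:00:09 +0000] "POST /ReceiverServlet?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200
10.0.0.9 - - [01/Sep/2020:10:00:12 +0000] "POST /ReceiverServlet?file=%252e%252e%255cwindows%255cwin.ini HTTP/1.1" 200
10.0.0.7 - - [01/Sep/2020:10:00:20 +0000] "GET /status HTTP/1.1" 200
10.0.0.7 - - [01/Sep/2020:10:00:25 +0000] "POST /ReceiverServlet?file=data..v2.xml HTTP/1.1" 200
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize(path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding) and map backslashes to '/'."""
    prev = None
    for _ in range(rounds):
        if path == prev:
            break
        prev, path = path, unquote(path)
    return path.replace("\\", "/")

def has_traversal(path: str) -> bool:
    """True if any segment of the normalized path or query string is exactly '..'.

    Splitting on '/', '?', '&' and '=' lets query values be inspected as path-like
    segments, while names such as 'data..v2.xml' are not flagged as traversal.
    """
    return any(seg == ".." for seg in re.split(r"[/?&=]", normalize(path)))

def find_traversal_attempts(log_text: str, servlet: str = "ReceiverServlet") -> list[dict]:
    """Return the requests to the given servlet whose path or query contains traversal."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m or servlet not in m["path"]:
            continue
        if has_traversal(m["path"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "path": m["path"],
                         "normalized": normalize(m["path"])})
    return hits

if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["ts"]} {hit["path"]} -> {hit["normalized"]}')
```

Run against the constructed lines it flags the three encoded and unencoded traversal requests from 10.0.0.9 and leaves the legitimate `data..v2.xml` upload alone.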
