CVE-2022-23698

7.5 HIGH

📋 TL;DR

CVE-2022-23698 is an unauthenticated, remotely exploitable information disclosure vulnerability in HPE OneView, HPE's infrastructure management appliance. It affects all OneView releases prior to 6.6. HPE's public description says only that the flaw "could be remotely exploited to allow unauthorized information disclosure"; which data is exposed has not been detailed publicly, so the practical assumption is that anything the appliance holds (inventory, configuration details, possibly stored credentials) may be reachable without a session. The fix is to upgrade to 6.6 or later.

💻 Affected Systems

Products:
  • HPE OneView
Versions: All versions prior to 6.6
Operating Systems: Not OS-specific - affects HPE OneView appliance/software
Default Config Vulnerable: ⚠️ Yes
Notes: No non-default configuration is known to be required for exploitation; treat every pre-6.6 appliance as affected regardless of how it is configured.

📦 What is this software?

HPE OneView is HPE's infrastructure management platform for provisioning, monitoring and updating HPE servers, storage and networking. It ships as a virtual appliance and is operated through an HTTPS web UI and a REST API on the same port; that REST API is also what automation tooling (Ansible, PowerShell and Python SDKs) talks to, so the appliance commonly holds credentials for iLO, switches and storage arrays.

⚠️ Risk & Real-World Impact

🔴 Worst Case

The disclosed data includes administrative credentials, stored device credentials or other configuration secrets, giving the attacker a foothold on the appliance and on the iLO, switch and storage endpoints it manages, and from there lateral movement across the managed infrastructure.

🟠 Likely Case

Unauthenticated read access to inventory and configuration details (hostnames, firmware levels, network layout) that an attacker uses to plan further attacks against the managed environment.

🟢 If Mitigated

With the management interface reachable only from a restricted admin network, exposure is limited to whatever an attacker already on that network can read; the vulnerability itself remains until the appliance is upgraded.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing instances particularly vulnerable to scanning and automated attacks.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable to insider threats or compromised internal hosts, but attack surface is reduced compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: No known public PoC
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitability is inferred from the CVSS score rather than from any published technical detail: a 7.5 rating corresponds to the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, i.e. network-reachable, low complexity, no privileges or user interaction required, high confidentiality impact and no integrity or availability impact. That profile is typical of an unauthenticated read of a sensitive endpoint, which is easy to script once the endpoint is known, so the absence of a public PoC should not be read as protection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HPE OneView 6.6 or later

Vendor Advisory: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04252en_us

Restart Required: Yes (the appliance reboots as part of the update)

Instructions:

1. Download the OneView 6.6 (or later) appliance update from the HPE support portal and check its hash against the one published there.
2. Back up the appliance (Settings > Backup in the UI, or the backup REST resource) before starting.
3. Confirm the upgrade path: OneView only upgrades from certain earlier releases, so a very old appliance may need an intermediate release first; follow the upgrade matrix in HPE's release notes.
4. Upload and apply the update through the appliance (Settings > Appliance > Update) following HPE's upgrade procedure; the appliance restarts on its own during the update.
5. After the reboot, confirm the reported version is 6.6 or later before putting the appliance back in service.

🔧 Temporary Workarounds

Network Segmentation (applies to: all deployments)

Restrict network access to the HPE OneView management interface to trusted administrative networks only.

Firewall Rules (applies to: all deployments)

Implement strict firewall rules so that only the administrative networks and any automation hosts that use the REST API can reach the OneView ports (HTTPS, TCP 443, is the one that matters for this issue) from other networks.

🧯 If You Can't Patch

  • Isolate HPE OneView instances behind firewalls with strict access controls; remember that automation hosts and jump boxes that legitimately reach the appliance are now the attack surface, so harden and monitor them too.
  • Implement network monitoring and alerting for unusual access patterns to OneView interfaces, in particular successful REST reads that do not carry a session.
  • Compensating controls reduce who can reach the flaw; they do not remove it. Schedule the upgrade.

🔍 How to Verify

Check if Vulnerable:

Read the appliance software version; anything below 6.6 is affected. Note that OneView writes the minor version with two digits, so 6.6 appears as "6.60.00-<build>" and 6.5 as "6.50.00-<build>".

Check Version:

In the web UI, Settings > Appliance shows the appliance version. Over REST, GET https://<appliance>/rest/appliance/nodeinfo/version returns a JSON document whose "softwareVersion" field carries the same string; this endpoint typically answers without a session, which is convenient for fleet-wide checks but also means an attacker can fingerprint unpatched appliances the same way. (There is no "ovcli"; OneView has no vendor CLI of that name.)

Verify Fix Applied:

Confirm the reported version is 6.60.00 or higher. Because HPE has not published which endpoint leaks data, there is no specific request to replay as a negative test; the practical supplement to the version check is to confirm that unauthenticated GET requests to REST resources that should require a session (for example /rest/server-hardware or /rest/users) return 401 rather than 200.
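The version check above, as an added example (not HPE code or a OneView SDK): it parses OneView's two-digit-minor version string, compares it against the 6.6 fix level, and can optionally query a live appliance. The endpoint path /rest/appliance/nodeinfo/version, the shape of its JSON response and the sample bodies embedded below are assumptions to confirm against your own appliance.

```python
"""Version-based check for CVE-2022-23698 (HPE OneView < 6.6).

Added example; not HPE code. Assumptions (confirm on your own appliance):
  * GET https://<appliance>/rest/appliance/nodeinfo/version answers with JSON
    containing "softwareVersion", e.g. "6.50.00-0426855".
  * OneView writes the minor version as two digits (6.50 is 6.5, 6.60 is 6.6).
"""
import json
import re
import ssl
import sys
import urllib.request

# 6.6 as OneView prints it: major 6, two-digit minor 60.
FIXED_VERSION = (6, 60)

# Constructed sample responses in the assumed format (not captured from a real appliance).
SAMPLE_VULNERABLE = '{"softwareVersion": "6.50.00-0426855", "major": 6, "minor": 50}'
SAMPLE_FIXED = '{"softwareVersion": "6.60.00-0445845", "major": 6, "minor": 60}'


def parse_version(software_version: str) -> tuple:
    """Reduce '6.50.00-0426855' to (6, 50); a one-digit minor such as '6.6' becomes (6, 60)."""
    m = re.match(r"^\s*(\d+)\.(\d+)", software_version)
    if not m:
        raise ValueError(f"unrecognised OneView version string: {software_version!r}")
    major, minor = m.group(1), m.group(2)
    minor_int = int(minor) if len(minor) >= 2 else int(minor) * 10
    return (int(major), minor_int)


def is_vulnerable(software_version: str) -> bool:
    """True when the reported version is below the 6.6 fix level."""
    return parse_version(software_version) < FIXED_VERSION


def assess(response_body: str) -> dict:
    """Evaluate a JSON body from the version endpoint; raises KeyError if softwareVersion is absent."""
    data = json.loads(response_body)
    version = data["softwareVersion"]
    return {"version": version, "vulnerable": is_vulnerable(version), "fixed_in": "6.60.00"}


def fetch_version_body(appliance: str, verify_tls: bool = True, timeout: int = 10) -> str:
    """Fetch the version JSON from a live appliance (network call; not used by the offline sample)."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        # Appliances often carry self-signed certificates; only disable verification
        # when you are on a trusted management network and know the target.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        f"https://{appliance}/rest/appliance/nodeinfo/version",
        headers={"Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Usage: python check_oneview.py [<appliance-host> [--insecure]]
    # Without a host it evaluates the constructed vulnerable sample.
    args = sys.argv[1:]
    hosts = [a for a in args if not a.startswith("--")]
    if hosts:
        body = fetch_version_body(hosts[0], verify_tls="--insecure" not in args)
    else:
        body = SAMPLE_VULNERABLE
    print(assess(body))
```

The comparison is done on (major, two-digit minor) tuples rather than on floats so that 6.60 sorts after 6.50 and 7.00 after both; a version string in an unexpected shape raises instead of silently reporting "not vulnerable".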

📡 Detection & Monitoring

Log Indicators:

  • Successful (HTTP 200) GET requests to /rest/ resources that carry no OneView session header (authenticated OneView REST calls send the session ID in an "Auth" request header; requests without it should normally get 401)
  • The same unauthenticated reads repeated across many resource paths from one source in a short window, which is what scanning for the leaking endpoint looks like
  • Requests to the management interface from addresses outside the administrative networks

Network Indicators:

  • Traffic to the OneView HTTPS port (TCP 443) from sources that are not admin workstations, jump hosts or known automation hosts
  • Large response bodies returned to clients that never completed a POST to /rest/login-sessions

SIEM Query (pseudo-query; map the field names to your log source):

dest_port=443 AND http_method=GET AND http_status=200 AND uri_path="/rest/*" AND NOT uri_path IN ("/rest/version") AND NOT request_header_auth=* AND NOT src_ip IN (trusted_admin_ips)

Baseline before alerting: the appliance's own UI and some SDK calls legitimately read a small set of resources without a session (the API version endpoint is the obvious one), so add those paths to the exclusion list after reviewing a few days of normal traffic, and keep a lower-severity variant of the rule that does not exclude trusted sources, since a compromised admin host is the likely internal attacker.
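The rule above run over sample events, as an added example that is not part of the original page and not a OneView log format: it assumes a reverse proxy or SIEM in front of the appliance that records, per request, the timestamp, source IP, destination port, method, path, status and whether the request carried OneView's "Auth" session header. The log lines, trusted networks and the list of paths expected to be read without a session are all constructed assumptions; replace them with your own.

```python
"""Detection of unauthenticated OneView REST reads over constructed sample log lines.

Added example; not HPE code. The log format is an assumption (one request per line:
ts src_ip dst_port method path status auth=<yes|no>); adapt parse_line() to your source.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Assumed trusted administrative networks; replace with your own.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "192.168.50.0/24")]
ONEVIEW_PORTS = {443}
# Paths a client legitimately reads without a session (assumption; extend after baselining).
EXPECTED_UNAUTH_PATHS = {"/rest/version", "/rest/login-sessions"}

# Constructed sample events (not captured from a real appliance).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.10.0.5 443 GET /rest/server-hardware 200 auth=yes
2024-03-01T10:00:02Z 203.0.113.7 443 GET /rest/version 200 auth=no
2024-03-01T10:00:03Z 203.0.113.7 443 GET /rest/server-hardware 200 auth=no
2024-03-01T10:00:04Z 203.0.113.9 443 POST /rest/login-sessions 400 auth=no
2024-03-01T10:00:05Z 198.51.100.4 443 GET /rest/users 401 auth=no
2024-03-01T10:00:06Z 198.51.100.4 443 GET /ui/ 200 auth=no
2024-03-01T10:00:07Z 10.10.0.5 443 GET /rest/users 200 auth=no
"""


@dataclass
class Request:
    ts: str
    src_ip: IPAddress
    dst_port: int
    method: str
    path: str
    status: int
    has_session: bool  # True when the request carried OneView's "Auth" header


def parse_line(line: str) -> Request:
    """Parse one line of the assumed format; raises ValueError on a malformed line."""
    ts, src, port, method, path, status, auth = line.split()
    return Request(ts, ipaddress.ip_address(src), int(port), method, path, int(status),
                   auth == "auth=yes")


def is_trusted(ip: IPAddress) -> bool:
    return any(ip in net for net in TRUSTED_ADMIN_NETS)


def classify(req: Request) -> Optional[str]:
    """Return "high" or "low" for a suspicious unauthenticated REST read, else None.

    Mirrors the SIEM pseudo-query: OneView port, GET, 200, a /rest/ path, no session
    header, and not one of the paths that are expected to be read without a session.
    Trusted sources are not excluded outright but demoted to low severity.
    """
    if req.dst_port not in ONEVIEW_PORTS or req.method != "GET" or req.status != 200:
        return None
    if req.has_session or not req.path.startswith("/rest/"):
        return None
    if req.path in EXPECTED_UNAUTH_PATHS:
        return None
    return "low" if is_trusted(req.src_ip) else "high"


def scan(log_text: str) -> List[dict]:
    """Run the rule over a block of log lines and return one alert dict per hit, in log order."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        req = parse_line(line)
        severity = classify(req)
        if severity:
            alerts.append({"severity": severity, "src": str(req.src_ip),
                           "path": req.path, "ts": req.ts})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

On the sample, the untrusted read of /rest/server-hardware without a session is the high-severity hit; the trusted host reading /rest/users without a session is reported at low severity rather than dropped, because a compromised admin workstation is the realistic internal attacker. The 401, the POST, the UI static path and the public version endpoint are all ignored.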

🔗 References

  • HPE Security Bulletin HPESBGN04252: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04252en_us
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-23698