CVE-2022-28617

9.8 CRITICAL

📋 TL;DR

CVE-2022-28617 is a remote security restriction bypass vulnerability in HPE OneView: a remote attacker can circumvent the appliance's security restrictions and obtain access it should not have. It affects all HPE OneView versions prior to 7.0. The CVSS v3 base score is 9.8 (critical).

💻 Affected Systems

Products:
  • HPE OneView
Versions: All versions prior to 7.0
Operating Systems: Not OS-specific - HPE OneView appliance
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. HPE OneView is typically deployed as a virtual appliance.

📦 What is this software?

HPE OneView is HPE's infrastructure management platform, delivered as a virtual appliance, used to provision and monitor HPE servers (for example ProLiant and Synergy), storage and networking. The appliance stores credentials for the devices it manages, so whoever controls OneView can reach the whole managed estate.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the HPE OneView management system, allowing attackers to gain administrative control over the managed infrastructure, exfiltrate sensitive data (including stored device credentials), and pivot to other systems.

🟠 Likely Case: Unauthorized access to the HPE OneView management interface, enabling configuration changes, privilege escalation, and disruption of the managed infrastructure.

🟢 If Mitigated: Limited impact if network segmentation, access controls, and monitoring are in place, though the vulnerability itself remains and still presents a significant risk until the appliance is upgraded.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vendor description and the 9.8 score (network vector, low attack complexity, no privileges or user interaction required) indicate remote exploitation without authentication. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HPE OneView 7.0 or later

Vendor Advisory: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04278en_us

Restart Required: Yes

Instructions:

1. Back up the current appliance (configuration backup and a VM snapshot) before making changes.
2. Download HPE OneView 7.0 or later from the HPE support portal.
3. Deploy the update following HPE's upgrade documentation; the appliance reboots as part of the upgrade.
4. Verify that the upgrade completed and that the running version is 7.0 or later.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Restrict network access to the HPE OneView management interface to trusted administrative hosts or subnets only.

Access Control Lists (platform: all)

Implement strict firewall rules that limit inbound connections to HPE OneView to those trusted sources.

🧯 If You Can't Patch

  • Isolate HPE OneView from the internet and from untrusted networks; reach it only through a VPN or bastion host
  • Monitor the appliance audit log and the firewall in front of it for logins and configuration changes from unexpected sources, and investigate every failed authentication burst

🔍 How to Verify

Check if Vulnerable:

Read the appliance version from the About dialog in the web interface or from the REST API. Any version below 7.0 is affected.

Check Version:

curl -k https://oneview-ip/rest/appliance/nodeinfo/version

The appliance is a locked-down image without a general-purpose SSH shell, so use the web interface or the REST endpoint above rather than reading a version file over SSH.

Verify Fix Applied:

Confirm that the version reported by the About dialog (or by the REST endpoint) is 7.0 or higher.
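The version check above, written out as an added example (not HPE code and not part of the original page): it parses a OneView version string, decides whether it falls in the affected range (prior to 7.0), and shows how the nodeinfo JSON would be consumed. The `softwareVersion` field name and the `major.minor.patch-build` shape of the string are assumptions to confirm against your own appliance; the sample JSON bodies are constructed.

```python
"""Added example (not HPE code): decide whether a OneView appliance version falls
in the CVE-2022-28617 affected range (all versions prior to 7.0)."""
import json
import re
import ssl
import urllib.request
from typing import Tuple

FIXED_VERSION = (7, 0, 0)  # first fixed release per the vendor advisory

# Constructed sample bodies. GET /rest/appliance/nodeinfo/version returns JSON;
# the "softwareVersion" field name and the "major.minor.patch-build" shape are
# assumptions, so confirm them against your own appliance.
SAMPLE_VULNERABLE = '{"softwareVersion": "6.60.00-0472424", "major": 6, "minor": 60}'
SAMPLE_FIXED = '{"softwareVersion": "7.00.00-0501234", "major": 7, "minor": 0}'

_VERSION_RE = re.compile(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:[-+].*)?\s*$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """'6.60.00-0472424' -> (6, 60, 0). Missing components default to 0;
    the build suffix after '-' or '+' is ignored."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised OneView version string: {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in match.groups())
    return major, minor, patch


def is_vulnerable(version: str) -> bool:
    """True when the version sorts before 7.0.0, i.e. inside the affected range."""
    return parse_version(version) < FIXED_VERSION


def classify(version: str) -> str:
    """Three-way answer for reporting: 'vulnerable', 'fixed' or 'unknown'."""
    try:
        return "vulnerable" if is_vulnerable(version) else "fixed"
    except ValueError:
        return "unknown"


def version_from_nodeinfo(body: str) -> str:
    """Extract the version string from a nodeinfo/version JSON body."""
    data = json.loads(body)
    if "softwareVersion" not in data:
        raise ValueError("nodeinfo response carries no softwareVersion field")
    return data["softwareVersion"]


def fetch_version(host: str, verify_tls: bool = True, timeout: float = 10.0) -> str:
    """Query a live appliance (needs network access; not exercised offline).
    Pass verify_tls=False only for appliances still using a self-signed certificate."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    url = f"https://{host}/rest/appliance/nodeinfo/version"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return version_from_nodeinfo(resp.read().decode("utf-8"))


if __name__ == "__main__":
    for body in (SAMPLE_VULNERABLE, SAMPLE_FIXED):
        version = version_from_nodeinfo(body)
        print(f"{version:<20} {classify(version)}")
```

Run it against a real appliance with `classify(fetch_version("oneview-ip"))`; anything that comes back `vulnerable` needs the 7.0 upgrade, and `unknown` means the version string did not match the assumed shape and should be read by hand.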

📡 Detection & Monitoring

Log Indicators:

  • Failed or unexpected logins to HPE OneView, especially repeated failures from one source
  • Configuration changes (users, roles, credentials, server profiles) outside change windows or from unfamiliar accounts
  • Privileged actions recorded without a preceding successful login for the same user or source

Network Indicators:

  • Unexpected connections to HPE OneView management ports
  • Traffic from untrusted sources to OneView

SIEM Query (placeholder field names; map them to your log source):

source="oneview" AND (event_type="authentication_failure" OR event_type="configuration_change")
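The detection ideas in this section, run over sample data as an added example (not HPE tooling and not from the original page). It flags connections to the OneView management interface from outside the trusted allowlist (the same allowlist the segmentation workaround enforces), bursts of authentication failures from one source, and configuration changes issued from an untrusted source. The log layout, the appliance address, the trusted subnet and the thresholds are all constructed for the example.

```python
"""Added example (not HPE tooling): run the detection ideas above over a handful of
constructed log lines. It flags (1) connections to the OneView management interface
from outside the trusted allowlist, (2) bursts of authentication failures from one
source, and (3) configuration changes issued from an untrusted source."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Sequence

ONEVIEW_IP = ipaddress.ip_address("10.0.1.10")        # assumed appliance address
TRUSTED_NETS = [ipaddress.ip_network("10.0.5.0/24")]  # assumed admin jump-host subnet
FAILURE_THRESHOLD = 5                                  # failures per source ...
FAILURE_WINDOW = timedelta(minutes=5)                  # ... within this window

# Constructed sample lines in an invented "<ts> <host> <EVENT> k=v ..." layout.
# Real firewall and OneView audit-log exports would be normalised to these fields.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z fw01 CONNECT src=10.0.5.23 dst=10.0.1.10 dport=443",
    "2024-05-01T10:00:02Z fw01 CONNECT src=192.168.77.9 dst=10.0.1.10 dport=443",
    "2024-05-01T10:00:03Z fw01 CONNECT src=192.168.77.9 dst=10.0.2.2 dport=443",
    "2024-05-01T10:01:00Z oneview AUTH_FAIL user=administrator src=192.168.77.9",
    "2024-05-01T10:01:10Z oneview AUTH_FAIL user=administrator src=192.168.77.9",
    "2024-05-01T10:01:20Z oneview AUTH_FAIL user=administrator src=192.168.77.9",
    "2024-05-01T10:01:30Z oneview AUTH_FAIL user=administrator src=192.168.77.9",
    "2024-05-01T10:01:40Z oneview AUTH_FAIL user=administrator src=192.168.77.9",
    "2024-05-01T10:01:50Z oneview AUTH_FAIL user=administrator src=192.168.77.9",
    "2024-05-01T10:30:00Z oneview AUTH_FAIL user=administrator src=10.0.5.23",
    "2024-05-01T10:31:00Z oneview CONFIG_CHANGE user=administrator src=10.0.5.23 object=user",
    "2024-05-01T10:32:00Z oneview CONFIG_CHANGE user=administrator src=192.168.77.9 object=user",
]

_LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>[A-Z_]+)(?P<kv>.*)$")
_KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, object]:
    """Split one line into timestamp, host, event name and its key=value fields."""
    m = _LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    event: Dict[str, object] = {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": m["host"],
        "event": m["event"],
    }
    event.update(_KV_RE.findall(m["kv"]))
    return event


def detect(lines: Sequence[str], trusted_nets=TRUSTED_NETS, oneview_ip=ONEVIEW_IP) -> List[str]:
    """Return one human-readable finding per suspicious pattern, in time order."""
    findings: List[str] = []
    failures: Dict[object, List[datetime]] = defaultdict(list)
    events = sorted((parse_line(line) for line in lines), key=lambda e: e["ts"])
    for ev in events:
        src = ipaddress.ip_address(ev["src"])
        ts = ev["ts"].isoformat()
        trusted = any(src in net for net in trusted_nets)
        if ev["event"] == "CONNECT":
            # Only traffic aimed at the appliance matters; other hosts are out of scope here.
            if ipaddress.ip_address(ev["dst"]) == oneview_ip and not trusted:
                findings.append(f"{ts} untrusted source {src} reached OneView on port {ev['dport']}")
        elif ev["event"] == "AUTH_FAIL":
            # Sliding window per source; fire exactly once when the threshold is crossed.
            recent = [t for t in failures[src] if ev["ts"] - t <= FAILURE_WINDOW]
            recent.append(ev["ts"])
            failures[src] = recent
            if len(recent) == FAILURE_THRESHOLD:
                findings.append(f"{ts} {FAILURE_THRESHOLD} OneView authentication failures "
                                f"from {src} within {FAILURE_WINDOW}")
        elif ev["event"] == "CONFIG_CHANGE" and not trusted:
            findings.append(f"{ts} configuration change to {ev.get('object', '?')} by "
                            f"{ev.get('user', '?')} from untrusted source {src}")
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOGS):
        print(finding)
```

On the constructed data this yields three findings: the untrusted connection to the appliance, the failure burst from 192.168.77.9 (reported once, not on every failure after the fifth), and the configuration change from the same untrusted address; the lone failure and the change made from the trusted subnet stay quiet.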
