Описание
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, the attack vector is adjacent (AV:A) and privileges required are low (PR:L). What does that mean for this vulnerability?
Multiple networking topologies are available to connect High Performance Compute (HPC) resources which are reliant upon intra-nets or private networks and do not expose HPC resources to the public internet regardless of implementation. An attacker must have access to the network connecting the targeted clusters and nodes (PR:L) and must send a specially crafted HTTPS request to the head node (AV:A) to successfully exploit this vulnerability.
For more information on how HPC resources can be connected, please reference this documentation regarding Understanding HPC Cluster Network Topologies.
According to the CVSS metric, the scope is changed (S:C). What does that mean for this vulnerability?
An attacker could exploit this vulnerability by sending a specially crafted HTTPS request to the targeted head node or Linux compute node granting them the ability to perform RCE on other clusters or nodes connected to the targeted head node.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft HPC Pack 2016 | ||
| Microsoft HPC Pack 2019 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
9 Critical
CVSS3
Связанные уязвимости
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Уязвимость набора инструментов для высокопроизводительных вычислений (HPC) Microsoft HPC Pack, связанная с отсутствием проверки подлинности для критически важной функции, позволяющая нарушителю выполнить произвольный код
EPSS
9 Critical
CVSS3