Description
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.
Mitigations
Customers should make sure that HPC Pack clusters run in a trusted network secured by firewall rules, especially for TCP port 5999.
FAQ
What do customers need to do to mitigate this vulnerability?
If you are currently using HPC Pack 2019 Update 2, you need to upgrade to HPC Pack 2019 Update 3 (Build 6.3.8328) and then apply the QFE patch (Build 6.3.8352).
If you are currently using HPC Pack 2016, you must migrate to 2019 to receive a fix, as there is no in-place update from 2016 to 2019.
How could an attacker exploit the vulnerability?
An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 9.8 Critical
Related vulnerabilities
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.
A vulnerability in the Microsoft HPC Pack high-performance computing (HPC) toolkit, related to flaws in the deserialization mechanism, that allows an attacker to execute arbitrary code