HPE Community
Server Management - Systems Insight Manager
1753835 Members
7562 Online
108806 Solutions
New Discussion

Re: HP SMH - CVE 2016-2017

 
Koobal
Occasional Visitor

‎09-22-2016 07:02 AM

‎09-22-2016 07:02 AM

HP SMH - CVE 2016-2017

Hello,

As a result of a Security Audit we found that HP SMH is vulnerable to CVE 2016-2017.

http://www.securityfocus.com/archive/1/538556

As there is no mention of this breach in Hp SMH 7.5.5.6 (lastest version we found and installed) and the corrective did not mention it

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05111017

Is there a way to correct it ? is it possible to upgrade the openssl library installed with HP-SMH ?

 

Thanks for your help,

Best regards

 

0 Kudos
Reply
2 REPLIES 2
Andrew_Haak
Honored Contributor

‎09-25-2016 01:08 PM - edited ‎09-25-2016 01:11 PM

‎09-25-2016 01:08 PM - edited ‎09-25-2016 01:11 PM

Re: HP SMH - CVE 2016-2017

That is the latest version so there is no update available, i don't believe you can update the Open SSL version used in the software. What type of hardware you you use? If it's a Gen8 or newer you should uninstall the SMH and use AMS, if it's an older type youre stuck and if you feel upto it you can place a support case with HP to find out if an update will become available soon. If possible you can restrict access to the SMH to and from the SIM server only, if your SMH is not accesable to a public network you should not be in any real problem
Kind regards,

Andrew
0 Kudos
Reply
Koobal
Occasional Visitor

‎09-27-2016 12:30 AM

‎09-27-2016 12:30 AM

Re: HP SMH - CVE 2016-2017

Hi,

Thanks for your reply.

That's what I did (open a case), they were not aware of that breach, and maybe it will be coreccted in SMH next release (7.6)

For now they told me to deactivated AES-NI support for SMH to workaround the issue.

 

Kind regards,

 

 

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.