ESB-2018.1390 - [Appliance] Insight Remote Support: Reduced security - Unknown/unspecified 2018-05-07

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1390
            Certificates updated in HPE Insight Remote Support
                                7 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Insight Remote Support
Publisher:        Hewlett-Packard
Operating System: Network Appliance
Impact/Access:    Reduced Security -- Unknown/Unspecified
Resolution:       Patch/Upgrade

- --------------------------BEGIN INCLUDED TEXT--------------------

Hewlett Packard Enterprise

Support Services
 
Technology Release Announcement May 4, 2018

Announcing the release of Insight Remote Support 7.9

* HPE Insight Remote Support (Insight RS) 7.9 features several new security, efficiency and operational enhancements in this latest release including: 
* Enhanced Certificate Management - timely and secure notification of expiring certificates with configurable expiry timeframes to balance customers' security policies and recurrence of certificate maintenance; applies to XP storage arrays and some HP-UX products
* Solution Manager updates - time-saving, auto-population of CDID when selecting Solution Type; simplified list of solutions with remapping of product names (e.g., HP>HPE) 
* Enhanced Active Directory Support - Customers with multi-controller AD environments can log in to Insight RS when the originally configured domain controller is not available
* Message Board efficiencies - Ability to filter and delete bulk messages 
* Security and Privacy updates - removal of Data Collection files from local hosting server; enhanced security in handling of personal data
* Proactive notification to users of any unexpected database issues

Insight Remote Support 7.9 build 7.9.0.65 now includes remote support enablement for:

Servers 
* HPE Integrity RX2800 Server - i6 Processor upgrade (VSI OpenVMS)
* HPE Integrity BL860c Server - i6 Processor upgrade (VSI OpenVMS)
* HPE Integrity BL890c Server - i6 Processor upgrade (VSI OpenVMS)
* HPE InfiniBand FDR 2-port 545M Adapter
* HPE ProLiant Gen 10/iLO 5 NVMe events
Storage 
* HPE Command View TL 5.4
* HPE StoreFabric 8600B 32Gb FC SAN Director Switch
Networking 
* HPE Aruba 2930F TAA Compliant Switch Series (update)

Download Insight RS 7.9 from Software Depot https://h20392.www2.hpe.com/portal/swdepot/displayProductsList.do?groupName=Insight+Remote+Support

Advisory: Download new certificates to ensure Insight RS connectivity

 Beginning November 1, 2018, the Insight RS solution will move to new root and intermediate security certificates which enable communication from our customers to the HPE Remote Support Data Centers. To ensure continued connectivity with HPE Insight Remote Support, all users must update these certificates. If you are installing the new Insight RS 7.9 version, no further action is required as the certificate is included in the build.

 Insight Remote Support has released the new certificates, issued by DigiCert Corp, through the Insight RS Software Manager. If you are not running a supported version of Insight RS (7.7 or newer) by November 1, 2018, Insight RS will no longer be able to communicate with the HPE Remote Support Data Center. For more information and download instructions, click here. https://support.hpe.com/hpsc/doc/public/display?docId=a00046332en_us

Download Insight RS 7.9 from Software Depot https://h20392.www2.hpe.com/portal/swdepot/displayProductsList.do?groupName=Insight+Remote+Support

 For further assistance: 
* Log a request with Insight RS customer support https://www.hpe.com/us/en/services/get-connected.html#tehnical
* HPE Insight Remote Support 7.9 Release Notes https://support.hpe.com/hpsc/doc/public/display?docId=a00046191en_us
* HPE Insight Remote Support 7.9 Quick Installation Guide https://support.hpe.com/hpsc/doc/public/display?docId=a00046193en_us
* HPE Insight Remote Support 7.9 Installation and Configuration Guide https://support.hpe.com/hpsc/doc/public/display?docId=a00046194en_us
* HPE Insight Remote Support 7.9 Monitored Devices Configuration Guide https://support.hpe.com/hpsc/doc/public/display?docId=a00046195en_us
* HPE Insight Remote Support 7.9 Upgrade Guide https://support.hpe.com/hpsc/doc/public/display?docId=a00046196en_us

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWu+sK4x+lLeg9Ub1AQgKEhAAgdSy21FgMJNz5wPuaPorEgY4wp7bMAWO
HH7fPJlFCo96fZF/QNFVnEf2jWqjbPkvlwbX9rw8F81MPpyhZLwnm0bqP5osP+qF
qtW2L00ycejDX83OuMv1IuQnQTN1XnKKeg6bVJtqfhEE5rPp6/1Qzmto1oBrvBTT
vJEeEWLiEnuc66Kc9Pm8iyK4T+SVS2OipNMcR1sjj3yVS1EezvnJ7fK/3x0wC8U+
oTtO/goXOPQEEEWOLTHyJI2i89YWYax15lTGUUf0vTlL4quMqzyOgIiCYuA3ZVZh
isx0xUgy1lX6eZ9DdtmA9IoWss8K8MAQDk2K5UfiShkrHOXP+0KZFxF9K7yquODi
uusvUufFsGYIhWBXtowP6yCPlkzXfYt3P3WEtUh8UGolg1jTZUt5OgFMIcjCp86F
DVxfBMrQ6fA2LHMNG2TGGjjH4cvu4Shvpa+B9exxxbAfruNlSt30SigZQa4KNojm
lldhMIpEOf54Qqjmf3fcFtPR0VPxXRcE9hNvsx7KavgzIGJCwWVDdCzWGyCwfDby
FRj8UBRlQuot/CmH8BIyphb80zfz1s/tW1DuSglPvPOXc5r4F+FVs6YW4XwVUbN6
jbGin89mU/hHZFRWkr3AmbmmvJevz+XNoUbusTxQ7woSJprpkpj9ows4MRop8gp1
jr2FX9cTTGI=
=Xy8a
-----END PGP SIGNATURE-----

« Back to bulletins