ESB-2018.1390 - [Appliance] Insight Remote Support: Reduced security - Unknown/unspecified 2018-05-07

Printable version
PGP/GPG verifiable version

Hash: SHA256

             AUSCERT External Security Bulletin Redistribution

            Certificates updated in HPE Insight Remote Support
                                7 May 2018


        AusCERT Security Bulletin Summary

Product:          Insight Remote Support
Publisher:        Hewlett-Packard
Operating System: Network Appliance
Impact/Access:    Reduced Security -- Unknown/Unspecified
Resolution:       Patch/Upgrade

- --------------------------BEGIN INCLUDED TEXT--------------------

Hewlett Packard Enterprise

Support Services
Technology Release Announcement May 4, 2018

Announcing the release of Insight Remote Support 7.9

* HPE Insight Remote Support (Insight RS) 7.9 features several new security, efficiency and operational enhancements in this latest release including: 
* Enhanced Certificate Management - timely and secure notification of expiring certificates with configurable expiry timeframes to balance customers' security policies and recurrence of certificate maintenance; applies to XP storage arrays and some HP-UX products
* Solution Manager updates - time-saving, auto-population of CDID when selecting Solution Type; simplified list of solutions with remapping of product names (e.g., HP>HPE) 
* Enhanced Active Directory Support - Customers with multi-controller AD environments can log in to Insight RS when the originally configured domain controller is not available
* Message Board efficiencies - Ability to filter and delete bulk messages 
* Security and Privacy updates - removal of Data Collection files from local hosting server; enhanced security in handling of personal data
* Proactive notification to users of any unexpected database issues

Insight Remote Support 7.9 build now includes remote support enablement for:

* HPE Integrity RX2800 Server - i6 Processor upgrade (VSI OpenVMS)
* HPE Integrity BL860c Server - i6 Processor upgrade (VSI OpenVMS)
* HPE Integrity BL890c Server - i6 Processor upgrade (VSI OpenVMS)
* HPE InfiniBand FDR 2-port 545M Adapter
* HPE ProLiant Gen 10/iLO 5 NVMe events
* HPE Command View TL 5.4
* HPE StoreFabric 8600B 32Gb FC SAN Director Switch
* HPE Aruba 2930F TAA Compliant Switch Series (update)

Download Insight RS 7.9 from Software Depot

Advisory: Download new certificates to ensure Insight RS connectivity

 Beginning November 1, 2018, the Insight RS solution will move to new root and intermediate security certificates which enable communication from our customers to the HPE Remote Support Data Centers. To ensure continued connectivity with HPE Insight Remote Support, all users must update these certificates. If you are installing the new Insight RS 7.9 version, no further action is required as the certificate is included in the build.

 Insight Remote Support has released the new certificates, issued by DigiCert Corp, through the Insight RS Software Manager. If you are not running a supported version of Insight RS (7.7 or newer) by November 1, 2018, Insight RS will no longer be able to communicate with the HPE Remote Support Data Center. For more information and download instructions, click here.

Download Insight RS 7.9 from Software Depot

 For further assistance: 
* Log a request with Insight RS customer support
* HPE Insight Remote Support 7.9 Release Notes
* HPE Insight Remote Support 7.9 Quick Installation Guide
* HPE Insight Remote Support 7.9 Installation and Configuration Guide
* HPE Insight Remote Support 7.9 Monitored Devices Configuration Guide
* HPE Insight Remote Support 7.9 Upgrade Guide

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email:
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.


« Back to bulletins