Vulnerability
ClusterEngine is a cluster management programme created by Inspur on its own. Inspur ClusterEngine V4.0 has a Remote Code Execution flaw. A malicious hacker may send bogus login packets to the control server. It has been deemed critical. This flaw affects any unidentified processing of the Control Server portion. A privilege escalation vulnerability is created when an undefined input is manipulated.
Mitigation / Precaution
- To unlock the defence, upgrade your Security Gateway product to the most recent IPS update.
- Security Gateway R80 / R77 / R75
- In the IPS column, press Protections, then use the Search tool to locate the Inspur ClusterEngine Remote Code Execution (CVE-2020-21224) security and Edit its parameters.
- Policy must be installed on all Security Gateways.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
