Inspur ClusterEngine V4.0 RCE

Anandhu Krishnan
Published on
16 Jun 2021

ClusterEngine is a cluster management programme created by Inspur on its own. Inspur ClusterEngine V4.0 has a Remote Code Execution flaw. A malicious hacker may send bogus login packets to the control server. It has been deemed critical. This flaw affects any unidentified processing of the Control Server portion. A privilege escalation vulnerability is created when an undefined input is manipulated.

Mitigation / Precaution

  • To unlock the defence, upgrade your Security Gateway product to the most recent IPS update.
  • Security Gateway R80 / R77 / R75
    • In the IPS column, press Protections, then use the Search tool to locate the Inspur ClusterEngine Remote Code Execution (CVE-2020-21224) security and Edit its parameters.
    • Policy must be installed on all Security Gateways.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Anandhu Krishnan
Anandhu Krishnan
Lead Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment