Fortinet Discovers HPE Vertica Analytics Platform Remote Password Change Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a remote password change vulnerability in HPE Vertica Analytics Platform.
The Hewlett Packard Enterprise (HPE) Vertica Analytics Platform is fueled by ever-growing volumes of Big Data found in many corporations and government agencies. HPE offers the Vertica Analytics Platform, an SQL analytics solution built from the ground to handle massive volumes of data and delivers blazingly fast Big Data analytics. The platform is available in the broadest range of deployment and consumption models, including on premise, on Hadoop, and in the cloud.
A remote password change vulnerability has been discovered in HPE Vertica Analytics Platform. The vulnerability is caused by the dangerous remote password change command which exists in HPE Vertica Analytics Platform. It could be remotely exploited to gain privileged access.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:HPE.Vertica.Analytics.Platform.Privileged.Access
Released Apr 14, 2017
Users should apply the solution provided by HPE.