Summary: CISA has added a maximum-severity vulnerability in HPE OneView to its Known Exploited Vulnerabilities (KEV) catalog. The flaw allows unauthenticated remote code execution (RCE) via a publicly reachable REST API. Threat actors are actively scanning for unpatched management interfaces to gain total control over data center infrastructure.
Business Impact: Critical. OneView serves as the central “brain” for servers, storage, and networking. Compromise grants an attacker a “skeleton key” to the entire environment, bypassing most perimeter defenses. For organizations in Bahrain, this is a P1 risk for data center operations.
Why It Happened: Improper input handling in the management API allowed code injection. The speed of weaponization (Metasploit modules surfaced within days) shows the high value attackers place on infrastructure management platforms.
Recommended Executive Action: Mandate a 24-hour patching window for all HPE OneView instances. If immediate patching is not possible, disable external access to the management VLAN and rotate all administrative API tokens.
