The vulnerability in the khuploadfile.cgi script of the HPE Moonshot Provisioning Manager Appliance allows a perpetrator to execute arbitrary code with root privileges.

🗓️ 28 Mar 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Khuploadfile.cgi vulnerability enables root code execution via file upload on HPE Moonshot Appliance.

Reporter	Title	Published	Views	Family All 9
CNVD	Hewlett Packard Enterprise Moonshot Provisioning Manager Remote Code Execution Vulnerability (CNVD-2018-03082)	5 Jan 201800:00	–	cnvd
Check Point Advisories	HPE Moonshot Provisioning Manager Appliance Directory Traversal (CVE-2017-8976)	12 Feb 201900:00	–	checkpoint_advisories
CVE	CVE-2017-8976	15 Feb 201822:00	–	cve
Cvelist	CVE-2017-8976	15 Feb 201822:00	–	cvelist
Tenable Nessus	HPE Moonshot Provisioning Manager < 1.22 Multiple Vulnerabilities	29 Jan 201800:00	–	nessus
NVD	CVE-2017-8976	15 Feb 201822:29	–	nvd
OSV	CVE-2017-8976	15 Feb 201822:29	–	osv
Prion	Remote code execution	15 Feb 201822:29	–	prion
Zero Day Initiative	Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance khuploadfile Directory Traversal Remote Code Execution Vulnerability	3 Jan 201800:00	–	zdi

Vulners

Node

hp hpe_moonshot_provisioning_manager_applianceMatch1.20

Source	Link
securityfocus	www.securityfocus.com/bid/102410
support	www.support.hpe.com/hpsc/doc/public/display
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-18-001/
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 39.8

CVSS 210

EPSS0.51056

khuploadfile Moonshot Appliance root code execution arbitrary file upload input validation