Metric | Value |
---|---|
CVSS2 | 4 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
EPSS | 0.002 Low |
Percentile | 54.5% |
HP System Management Homepage 7.2.0.14 and possibly earlier versions contain a denial-of-service vulnerability (CWE-121).
CWE-121: Stack-based Buffer Overflow
HP System Management Homepage 7.2.0.14 contains a denial-of-service vulnerability. A remote attacker may send the listener service a malformed request using the `iprange` parameter in `/proxy/DataValidation`. One of the listener child processes will then crash on that request value, overwriting EIP and corrupting the stack, resulting in a denial-of-service condition.
A remote attacker may be able to cause a denial-of-service condition against the HP System Management Homepage software.
HP has made System Management Homepage (SMH) v7.2.1 available for Windows and Linux to resolve the vulnerabilities. In the event that updating is not possible, the following workaround is also available.
Limit Access
Anonymous access is required for this attack to take place. Disabling this feature via the administration page will render the attacker unable to send this request without having proper authentication credentials.
895524
Notified: June 28, 2013 Updated: September 20, 2013
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 5.6 | AV:N/AC:H/Au:S/C:N/I:P/A:C |
Temporal | 4.4 | E:POC/RL:OF/RC:C |
Environmental | 3.3 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to the reporter, who wishes to remain anonymous.
This document was written by Adam Rauf.
CVE IDs: | CVE-2013-4821 |
---|---|
Date Public: | 2013-09-18 |
Date First Published: | |