ID CVE-2017-12535 Type cve Reporter cve@mitre.org Modified 2018-02-23T19:22:00
Description
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
{"openvas": [{"lastseen": "2019-07-17T14:19:25", "bulletinFamily": "scanner", "description": "This host is installed with HP Intelligent\n Management Center (iMC) and is prone to multiple RCE vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2017-08-17T00:00:00", "id": "OPENVAS:1361412562310811626", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811626", "title": "HP Intelligent Management Center (iMC) Multiple RCE Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP Intelligent Management Center (iMC) Multiple RCE Vulnerabilities\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:hp:intelligent_management_center\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811626\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2017-12487\", \"CVE-2017-12488\", \"CVE-2017-12489\", \"CVE-2017-12490\",\n\t\t\"CVE-2017-12491\", \"CVE-2017-12492\", \"CVE-2017-12493\", \"CVE-2017-12494\",\n\t\t\"CVE-2017-12495\", \"CVE-2017-12496\", \"CVE-2017-12497\", \"CVE-2017-12498\",\n\t\t\"CVE-2017-12499\", \"CVE-2017-12500\", \"CVE-2017-12501\", \"CVE-2017-12502\",\n\t\t\"CVE-2017-12503\", \"CVE-2017-12504\", \"CVE-2017-12505\", \"CVE-2017-12506\",\n\t\t\"CVE-2017-12507\", \"CVE-2017-12508\", \"CVE-2017-12509\", \"CVE-2017-12510\",\n\t\t\"CVE-2017-12511\", \"CVE-2017-12512\", \"CVE-2017-12513\", \"CVE-2017-12514\",\n\t\t\"CVE-2017-12515\", \"CVE-2017-12516\", \"CVE-2017-12517\", \"CVE-2017-12518\",\n\t\t\"CVE-2017-12519\", \"CVE-2017-12520\", \"CVE-2017-12521\", \"CVE-2017-12522\",\n\t\t\"CVE-2017-12523\", \"CVE-2017-12524\", \"CVE-2017-12525\", \"CVE-2017-12526\",\n\t\t\"CVE-2017-12527\", \"CVE-2017-12528\", \"CVE-2017-12529\", \"CVE-2017-12530\",\n\t\t\"CVE-2017-12531\", \"CVE-2017-12532\", \"CVE-2017-12533\", \"CVE-2017-12534\",\n\t\t\"CVE-2017-12535\", \"CVE-2017-12536\", \"CVE-2017-12537\", \"CVE-2017-12538\",\n\t\t\"CVE-2017-12539\", \"CVE-2017-12540\", \"CVE-2017-12541\");\n script_bugtraq_id(100367);\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-17 15:32:25 +0530 (Thu, 17 Aug 2017)\");\n script_name(\"HP Intelligent Management Center (iMC) Multiple RCE Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is installed with HP Intelligent\n Management Center (iMC) and is prone to multiple RCE vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to multiple\n unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allows remote\n attackers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"HP Intelligent Management Center (iMC)\n version 7.3 E0504\");\n\n script_tag(name:\"solution\", value:\"Upgrade to HP Intelligent Management Center\n (iMC) version 7.3 E0506 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_hp_imc_detect.nasl\");\n script_mandatory_keys(\"HPE/iMC/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!hpVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_equal(version:hpVer, test_version:\"7.3.E0504\"))\n{\n report = report_fixed_ver(installed_version:hpVer, fixed_version:\"7.3.E0506\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:32:26", "bulletinFamily": "scanner", "description": "The version of HPE Intelligent Management Center (iMC) PLAT installed on the remote host is prior to 7.3 E0506. It is, therefore, affected by multiple vulnerabilities that can be exploited to execute arbitrary code.\n\nNote that Intelligent Management Center (iMC) is an HPE product;\nhowever, it is branded as H3C.", "modified": "2018-11-15T00:00:00", "id": "HP_IMC_73_E0506.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=102500", "published": "2017-08-15T00:00:00", "title": "H3C / HPE Intelligent Management Center PLAT < 7.3 E0506 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102500);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\n \"CVE-2017-12487\",\n \"CVE-2017-12488\",\n \"CVE-2017-12489\",\n \"CVE-2017-12490\",\n \"CVE-2017-12491\",\n \"CVE-2017-12492\",\n \"CVE-2017-12493\",\n \"CVE-2017-12494\",\n \"CVE-2017-12495\",\n \"CVE-2017-12496\",\n \"CVE-2017-12497\",\n \"CVE-2017-12498\",\n \"CVE-2017-12499\",\n \"CVE-2017-12500\",\n \"CVE-2017-12501\",\n \"CVE-2017-12502\",\n \"CVE-2017-12503\",\n \"CVE-2017-12504\",\n \"CVE-2017-12505\",\n \"CVE-2017-12506\",\n \"CVE-2017-12507\",\n \"CVE-2017-12508\",\n \"CVE-2017-12509\",\n \"CVE-2017-12510\",\n \"CVE-2017-12511\",\n \"CVE-2017-12512\",\n \"CVE-2017-12513\",\n \"CVE-2017-12514\",\n \"CVE-2017-12515\",\n \"CVE-2017-12516\",\n \"CVE-2017-12517\",\n \"CVE-2017-12518\",\n \"CVE-2017-12519\",\n \"CVE-2017-12520\",\n \"CVE-2017-12521\",\n \"CVE-2017-12522\",\n \"CVE-2017-12523\",\n \"CVE-2017-12524\",\n \"CVE-2017-12525\",\n \"CVE-2017-12526\",\n \"CVE-2017-12527\",\n \"CVE-2017-12528\",\n \"CVE-2017-12529\",\n \"CVE-2017-12530\",\n \"CVE-2017-12531\",\n \"CVE-2017-12532\",\n \"CVE-2017-12533\",\n \"CVE-2017-12534\",\n \"CVE-2017-12535\",\n \"CVE-2017-12536\",\n \"CVE-2017-12537\",\n \"CVE-2017-12538\",\n \"CVE-2017-12539\",\n \"CVE-2017-12540\",\n \"CVE-2017-12541\"\n );\n\n script_xref(name:\"HP\", value:\"emr_na-hpesbhf03768en_us\");\n script_xref(name:\"HP\", value:\"HPESBHF03768\");\n\n script_name(english:\"H3C / HPE Intelligent Management Center PLAT < 7.3 E0506 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of HPE Intelligent Management Center.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of HPE Intelligent Management Center (iMC) PLAT installed\non the remote host is prior to 7.3 E0506. It is, therefore, affected\nby multiple vulnerabilities that can be exploited to execute arbitrary\ncode.\n\nNote that Intelligent Management Center (iMC) is an HPE product;\nhowever, it is branded as H3C.\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8768af0a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to H3C / HPE iMC version 7.3 E0506 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:intelligent_management_center\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies('hp_imc_detect.nbin');\n script_require_ports('Services/activemq', 61616);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Figure out which port to use\nport = get_service(svc:'activemq', default:61616, exit_on_fail:TRUE);\nversion = get_kb_item_or_exit('hp/hp_imc/'+port+'/version');\n\napp = 'HP Intelligent Management Center';\n\nfixed_display = '7.3-E0506';\n\nfix = NULL;\npatchfix = NULL;\n\nif (version =~ \"^[0-6](\\.[0-9]+)*$\" || # e.g. 5, 6.999\n version =~ \"^7\\.0([0-9]|\\.[0-9]+)*$\" || # e.g. 7.01, 7.0.2\n version =~ \"^7(\\.[0-2])?$\" # e.g. 7, 7.1, 7.2\n)\n{\n fix = \"7.3\";\n}\n\n# check patch version if 7.3\nelse if (version =~ \"^7.3\\-\")\n{\n # Versions < 7.3 E0506, remove letters and dashes in version\n patch = pregmatch(pattern:\"[0-9.]+-E([0-9A-Z]+)\", string:version);\n if (!patch) audit(AUDIT_UNKNOWN_APP_VER, app);\n patchver = ereg_replace(string:patch[1], pattern:\"[A-Z\\-]\", replace:\".\");\n if (!patchver) audit(AUDIT_UNKNOWN_APP_VER, app);\n\n patchfix = \"0506\";\n}\n\n# if pre 7.3 or 7.3 with patchver before 0506\nif ((!isnull(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0) ||\n (!isnull(patchfix) && ver_compare(ver:patchver, fix:patchfix, strict:FALSE) < 0))\n{\n items = make_array(\n \"Installed version\", version,\n \"Fixed version\", fixed_display\n );\n\n order = make_list(\"Installed version\", \"Fixed version\");\n report = report_items_str(report_items:items, ordered_fields:order);\n\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, app, version);\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
