Kaspersky LabKLA10188KLA10188 Multiple vulnerabilities in HP Insight Diagnostics
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.1 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.2%
Multiple critical vulnerabilities have been found in HP Insight Diagnostics. Malicious users can exploit these vulnerabilities to inject code or write local files. Below is a complete list of vulnerabilities
- Improper PHP include restrictions can be exploited via a path parameter;
- A path traversal vulnerability can be exploited remotely via a devicePath parameter;
- Unknown vectors can be exploited remotely.
Original advisories
Related products
CVE list
CVE-2013-3573 critical
CVE-2013-3574 critical
CVE-2013-3575 critical
Solution
Update to latest version
Impacts
- CI
Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.
- WLF
Write Local Files. Exploitation of vulnerabilities with this impact can lead to writing into some inaccessible files. Files that can be read depends on concrete program errors.
Affected Products
- HP Insight Diagnostics version 9.4.0.4710
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.1 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.2%