SAINT Corporation
SAINT:083576CAD8A589B1161DB1CC87175170
History: Oct 22, 2012 - 12:00 a.m.

HP SiteScope SOAP Call APIPreferenceImpl Security Bypass

2012-10-22 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.107 (Percentile: 95.1%)

Added: 10/22/2012
CVE: CVE-2012-3261
BID: 55269
OSVDB: 85796

Background

HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and application components.

Problem

HP SiteScope versions 11.10, 11.11, and 11.12 are vulnerable to remote code execution via a SOAP call using **APIPreferenceImpl**.

Resolution

Upgrade to SiteScope v11.13 or newer. In addition, an administrator must disable the vulnerable SOAP API by adding the **_disableOldAPIs=true** property to the **master.config** file.
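
The configuration half of this resolution can be verified after the upgrade. The following is an added example, not SAINT or HP code: it audits the text of a **master.config** file for the **_disableOldAPIs=true** property, assuming the file holds one `name=value` pair per line. The function name, status strings and sample contents are constructed for illustration, and the check does not confirm the installed SiteScope version.

```python
import sys
from pathlib import Path

KEY = "_disableOldAPIs"  # property name given in the Resolution text


def audit_master_config(text):
    """Return (status, hits) for the KEY setting in master.config text.

    Assumption: one name=value pair per line. hits lists (line_no, value)
    for every line whose name is exactly KEY; a prefixed or misspelled
    name (e.g. "#_disableOldAPIs") does not count as set.
    """
    hits = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        name, sep, value = raw.strip().partition("=")
        if sep and name.strip() == KEY:
            hits.append((line_no, value.strip()))
    if not hits:
        return "missing", hits
    values = {value for _, value in hits}
    if len(values) > 1:
        return "conflicting", hits      # same key set to different values
    if values == {"true"}:
        return "ok", hits
    return "not_true", hits             # present, but not the required value


# Constructed sample contents, not taken from a real SiteScope install.
SAMPLES = {
    "hardened": "_exampleSetting=1\n_disableOldAPIs=true\n",
    "absent": "_exampleSetting=1\n",
    "disabled_fix": "_disableOldAPIs=false\n",
    "commented": "#_disableOldAPIs=true\n",
    "duplicate": "_disableOldAPIs=true\n_exampleSetting=1\n_disableOldAPIs=false\n",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:               # path to a real master.config
        status, hits = audit_master_config(
            Path(sys.argv[1]).read_text(errors="replace"))
        print(f"{sys.argv[1]}: {status} {hits}")
        sys.exit(0 if status == "ok" else 1)
    for label, text in SAMPLES.items():
        print(label, *audit_master_config(text))
```

Run with the path to master.config as the only argument; any status other than `ok` exits non-zero, so the check can gate a configuration-compliance job.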

References

<http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03489683>

Limitations

This exploit has been tested against HP SiteScope 11.20 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) and Microsoft Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows
