CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
CVSS2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.363 Low
Percentile: 97.1%
Added: 09/09/2013
CVE: CVE-2013-2362
BID: 61337
OSVDB: 95489
HP System Management Homepage (SMH) is a web-based interface that consolidates the management of ProLiant and Integrity servers.
A stack buffer overflow vulnerability in HP SMH allows command execution when an attacker requests **/proxy/DataValidation** with an overly long **iprange** parameter. A remote unauthenticated attacker could exploit this vulnerability to run arbitrary code on the vulnerable target as the SYSTEM user.
Upgrade to HP System Management Homepage version 7.2.1 or higher.
<http://www.zerodayinitiative.com/advisories/ZDI-13-204/>
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03839862>
Exploit works on HP System Management Homepage 7.2.0-14 on Windows Server 2003 SP2 English (DEP OptOut).
This exploit requires the IO-Socket-SSL Perl module.
Windows