HP ProCurve Manager SNAC UpdateCertificatesServlet FileName Vulnerability

2013-10-03T00:00:00
ID SAINT:66194A0423C6048B45F3300165835412
Type saint
Reporter SAINT Corporation
Modified 2013-10-03T00:00:00

Description

Added: 10/03/2013
CVE: CVE-2013-4812
BID: 62348
OSVDB: 97155

Background

HP ProCurve Manager (PCM) is a secure, advanced Windows-based network management platform that allows administrators to configure, update, monitor, and troubleshoot ProCurve devices centrally.

Problem

The SNAC registration server in HP ProCurve Manager (PCM) is vulnerable to remote code execution. The issue is due to the **UpdateCertificatesServlet** servlet not properly sanitizing the fileName argument. By uploading a crafted JSP file, a remote attacker could execute code under the context of the SYSTEM user.

Resolution

Update as directed in HP Security Bulletin HPSBPV02918.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-225/>

Limitations

Exploit works on HP ProCurve Manager 4.0 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows