SAINT Corporation | SAINT:72504ABF81CAAE587A519181C8978ED0
Dec 14, 2017 - 12:00 a.m.

HP Intelligent Management Center dbman opcode 10008 command injection

2017-12-14 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.966 High
Percentile: 99.6%

Added: 12/14/2017
CVE: CVE-2017-5816
BID: 98469

Background

HP Intelligent Management Center (IMC), also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities.

Problem

A remote, unauthenticated attacker could execute arbitrary commands by injecting them into an opcode 10008 request to the dbman service.

Resolution

See HPESBHF03745 for fix information.

References

<http://www.zerodayinitiative.com/advisories/ZDI-17-340/>
<https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us>

Limitations

Exploit works on iMC PLAT v7.2 (E0403) Standard running on Windows.

Platforms

Windows
