SAINT CorporationSAINT:7F3C5163C30890F5F0C5C51957FFFEEFHP ProCurve Manager SNAC UpdateCertificatesServlet FileName Vulnerability
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.966 High
EPSS
Percentile
99.6%
Added: 10/03/2013
CVE: CVE-2013-4812
BID: 62348
OSVDB: 97155
Background
HP ProCurve Manager (PCM) is a secure, advanced Windows-based network management platform that allows administrators to configure, update, monitor, and troubleshoot ProCurve devices centrally.
Problem
The SNAC registration server in HP ProCurve Manager (PCM) is vulnerable to remote code execution. The issue is due to the **UpdateCertificatesServlet** servlet not properly sanitizing the fileName argument. By uploading a crafted JSP file, a remote attacker could execute code under the context of the SYSTEM user.
Resolution
Update as directed in HP Security Bulletin HPSBPV02918.
References
<http://www.zerodayinitiative.com/advisories/ZDI-13-225/>
Limitations
Exploit works on HP ProCurve Manager 4.0 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).
Platforms
Windows
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.966 High
EPSS
Percentile
99.6%