CVSS2 Score: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.966 High
EPSS Percentile: 99.6%
Added: 10/03/2013
CVE: CVE-2013-4812
BID: 62348
OSVDB: 97155
HP ProCurve Manager (PCM) is a secure, advanced Windows-based network management platform that allows administrators to configure, update, monitor, and troubleshoot ProCurve devices centrally.
The SNAC registration server in HP ProCurve Manager (PCM) is vulnerable to remote code execution. The issue is due to the **UpdateCertificatesServlet** servlet not properly sanitizing the fileName argument. By uploading a crafted JSP file, a remote attacker could execute code under the context of the SYSTEM user.
Update as directed in HP Security Bulletin HPSBPV02918.
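
The class of check that was missing on the fileName argument can be sketched as follows. This is an added example, not HP's code or the vendor fix; the class name, the allowed extensions, the length limit and the `cert-uploads` directory are assumptions.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;

public class UploadNameCheck {
    // Assumption: a certificate upload only ever needs these extensions.
    private static final Set<String> ALLOWED_EXT = Set.of("cer", "crt", "pem", "der");

    /** Returns the path to write to, or throws if the client-supplied name is rejected. */
    static Path resolveUpload(Path uploadDir, String fileName) throws IOException {
        if (fileName == null || fileName.length() > 128) {
            throw new IOException("missing or over-long file name");
        }
        // Allowlist: one base name, one dot, one extension. No separators, no "..",
        // no second extension, no control or encoded characters.
        if (!fileName.matches("[A-Za-z0-9_-]+\\.[A-Za-z0-9]+")) {
            throw new IOException("file name has disallowed characters");
        }
        String ext = fileName.substring(fileName.lastIndexOf('.') + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IOException("extension not allowed: " + ext);
        }
        // Defence in depth: the resolved target must sit directly in the upload directory.
        Path base = uploadDir.toAbsolutePath().normalize();
        Path target = base.resolve(fileName).normalize();
        if (!base.equals(target.getParent())) {
            throw new IOException("target escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path dir = Paths.get("cert-uploads"); // hypothetical directory outside the web root
        // Constructed sample inputs, not taken from the advisory.
        String[] samples = {"server.crt", "ROOT-ca.PEM", "page.jsp", "cert.pem.jsp", "../server.crt"};
        for (String name : samples) {
            try {
                System.out.println("accept " + name + " -> " + resolveUpload(dir, name).getFileName());
            } catch (IOException e) {
                System.out.println("reject " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Storing uploads in a directory the servlet container does not serve or compile from, and running the service under an account less privileged than SYSTEM, limits the impact if a name check like this is ever bypassed.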
<http://www.zerodayinitiative.com/advisories/ZDI-13-225/>
Exploit works on HP ProCurve Manager 4.0 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).
Windows