Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:A5AA2C908BE8345A1DDD5E86A83F0FC8
HistoryOct 30, 2013 - 12:00 a.m.

HP SiteScope APIBSMIntegrationImpl runOMAgentCommand SOAP Request Vulnerability

2013-10-3000:00:00
SAINT Corporation
download.saintcorporation.com
16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.6%

JSON

Added: 10/30/2013
CVE: CVE-2013-2367
BID: 61506
OSVDB: 95824

Background

HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and application components.

Problem

HP SiteScope is vulnerable to remote code execution because the runOMAgentCommand in an APIBSMIntegrationImpl SOAP request does not properly sanitize user-supplied input. By supplying a windows shell command to the omHost key, an attacker can execute arbitrary commands with SYSTEM privileges.

Resolution

Upgrade to SiteScope v11.22 or higher.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-205/&gt;

Limitations

This exploit was tested against HP SiteScope 11.20 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows

Related

securityvulns 2
cve 1
zdt 1
zdi 1
saint 3
checkpoint_advisories 1
dsquare 1
prion 1
packetstorm 1
d2 1
nessus 2
securityvulns
securityvulns
HP SiteScope code execution
2013-08-12 00:00:00
[security bulletin] HPSBGN02904 rev.1 - HP SiteScope running SOAP, Remote Code Execution
2013-08-12 00:00:00
cve
cve
CVE-2013-2367
2013-07-31 13:20:00
zdt
zdt
HP SiteScope Remote Code Execution Vulnerability
2013-09-10 00:00:00
zdi
zdi
Hewlett-Packard SiteScope SOAP Call runOMAgentCommand Remote Code Execution Vulnerability
2013-08-13 00:00:00
saint
saint
HP SiteScope APIBSMIntegrationImpl runOMAgentCommand SOAP Request Vulnerability
2013-10-30 00:00:00
HP SiteScope APIBSMIntegrationImpl runOMAgentCommand SOAP Request Vulnerability
2013-10-30 00:00:00
HP SiteScope APIBSMIntegrationImpl runOMAgentCommand SOAP Request Vulnerability
2013-10-30 00:00:00
checkpoint_advisories
checkpoint_advisories
HP SiteScope SOAP Call runOMAgentCommand Command Injection (CVE-2013-2367)
2013-09-22 00:00:00
dsquare
dsquare
HP SiteScope runOMAgentCommand 11.20 RCE
2014-01-13 00:00:00
prion
prion
Design/Logic Flaw
2013-07-31 13:20:00
packetstorm
packetstorm
HP SiteScope Remote Code Execution
2013-09-09 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_SITESCOPE
2013-07-31 13:20:00
nessus
nessus
HP SiteScope SOAP Call runOMAgentCommand SOAP Request Arbitrary Remote Code Execution
2013-09-19 00:00:00
HP SiteScope Multiple Unspecified Remote Code Execution Vulnerabilities
2013-08-02 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.6%

JSON
Related for SAINT:A5AA2C908BE8345A1DDD5E86A83F0FC8
securityvulns2cve1zdt1zdi1saint3checkpoint_advisories1dsquare1prion1packetstorm1d21nessus2