HP ProCurve Manager SNAC UpdateCertificatesServlet FileName Vulnerability

Added: 10/03/2013
CVE: CVE-2013-4812
BID: 62348
OSVDB: 97155

Background

HP ProCurve Manager (PCM) is a secure, advanced Windows-based network management platform that allows administrators to configure, update, monitor, and troubleshoot ProCurve devices centrally.

Problem

The SNAC registration server in HP ProCurve Manager (PCM) is vulnerable to remote code execution. The issue is due to the **UpdateCertificatesServlet** servlet not properly sanitizing the fileName argument. By uploading a crafted JSP file, a remote attacker could execute code under the context of the SYSTEM user.

Resolution

Update as directed in HP Security Bulletin HPSBPV02918.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-225/&gt;

Limitations

Exploit works on HP ProCurve Manager 4.0 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows