Added: 10/03/2013
CVE: CVE-2013-4812
BID: 62348
OSVDB: 97155
HP ProCurve Manager (PCM) is a secure, advanced Windows-based network management platform that allows administrators to configure, update, monitor, and troubleshoot ProCurve devices centrally.
The SNAC registration server in HP ProCurve Manager (PCM) is vulnerable to remote code execution. The issue is due to the **UpdateCertificatesServlet**
servlet not properly sanitizing the fileName argument. By uploading a crafted JSP file, a remote attacker could execute code under the context of the SYSTEM user.
Update as directed in HP Security Bulletin HPSBPV02918.
<http://www.zerodayinitiative.com/advisories/ZDI-13-225/>
Exploit works on HP ProCurve Manager 4.0 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).
Windows