Lucene search

K
zdiAgixZDI-13-204
HistoryAug 13, 2013 - 12:00 a.m.

Hewlett-Packard System Management iprange Parameter Remote Code Execution Vulnerability

2013-08-1300:00:00
agix
www.zerodayinitiative.com
18

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.363 Low

EPSS

Percentile

97.1%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP System Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the iprange parameter when passed to /proxy/DataValidation in an HTTP request. Overflowing this parameter with data will cause a stack buffer overflow. An attacker can exploit this condition to gain remote code execution as SYSTEM.

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.363 Low

EPSS

Percentile

97.1%