Lucene search
Andrea Micalizzi aka rgodZDI-13-205HistoryAug 13, 2013 - 12:00 a.m.
Hewlett-Packard SiteScope SOAP Call runOMAgentCommand Remote Code Execution Vulnerability
2013-08-1300:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
20
0.946 High
EPSS
Percentile
99.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within APIBSMIntegrationImpl’s processing of the runOMAgentCommand which can be invoked through SOAP requests without prior authentication. The omHost key can take in a value containing a windows shell command. An attacker can exploit this condition to gain remote code execution as SYSTEM.
Related
cve
cve
CVE-2013-2367
2022-10-03 16:15:00
saint
saint
securityvulns
securityvulns
HP SiteScope code execution
2013-08-12 00:00:00
nessus
nessus
d2
d2
DSquare Exploit Pack: D2SEC_SITESCOPE
2013-07-31 13:20:00
packetstorm
packetstorm
HP SiteScope Remote Code Execution
2013-09-09 00:00:00
dsquare
dsquare
HP SiteScope runOMAgentCommand 11.20 RCE
2014-01-13 00:00:00
checkpoint_advisories
checkpoint_advisories
HP SiteScope SOAP Call runOMAgentCommand Command Injection (CVE-2013-2367)
2013-09-22 00:00:00
prion
prion
Design/Logic Flaw
2013-07-31 13:20:00
cvelist
cvelist
CVE-2013-2367
2022-10-03 16:15:00
zdt
zdt
HP SiteScope Remote Code Execution Vulnerability
2013-09-10 00:00:00
nvd
nvd
CVE-2013-2367
2013-07-31 13:20:18