Lucene search

K
zdiAndrea Micalizzi aka rgodZDI-14-195
HistoryJun 11, 2014 - 12:00 a.m.

Hewlett-Packard AutoPass License Server Remote Code Execution Vulnerability

2014-06-1100:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
9

EPSS

0.971

Percentile

99.8%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard AutoPass License Server. Authentication is not required to exploit this vulnerability. The flaw exists within the CommunicationServlet. The specific flaw is a directory traversal vulnerability, which allows an unauthenticated user to write a file anywhere on the server. An attacker can leverage this vulnerability to execute arbitrary code in the context of the SYSTEM user.