Andrea Micalizzi aka rgodZDI-14-195Hewlett-Packard AutoPass License Server Remote Code Execution Vulnerability
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard AutoPass License Server. Authentication is not required to exploit this vulnerability. The flaw exists within the CommunicationServlet. The specific flaw is a directory traversal vulnerability, which allows an unauthenticated user to write a file anywhere on the server. An attacker can leverage this vulnerability to execute arbitrary code in the context of the SYSTEM user.
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%