HP Arcsight Multiple Products CVE-2012-5199 Local Arbitrary Code Execution Vulnerability
BID:57975
Info
HP Arcsight Multiple Products CVE-2012-5199 Local Arbitrary Code Execution Vulnerability
| Bugtraq ID: | 57975 |
| Class: | Unknown |
| CVE: |
CVE-2012-5199 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 15 2013 12:00AM |
| Updated: | Feb 15 2013 12:00AM |
| Credit: | Chris Botelho of Errord Security, Shawn Asmus of Fishnet Security, and TEB Quantum Technology (Malaysia) Professional Security Service Team |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
HP Arcsight Multiple Products CVE-2012-5199 Local Arbitrary Code Execution Vulnerability
Multiple HP Arcsight products are prone to a local arbitrary command-execution vulnerability.
Local attackers can exploit this issue to execute arbitrary commands within the context of the user running the affected application.
Limited information is currently available regarding this issue. We will update this BID as more information emerges.
The following products are vulnerable:
Arcsight Connector Appliance versions 6.3 and prior
Arcsight Logger Appliance versions 5.2 and prior
Multiple HP Arcsight products are prone to a local arbitrary command-execution vulnerability.
Local attackers can exploit this issue to execute arbitrary commands within the context of the user running the affected application.
Limited information is currently available regarding this issue. We will update this BID as more information emerges.
The following products are vulnerable:
Arcsight Connector Appliance versions 6.3 and prior
Arcsight Logger Appliance versions 5.2 and prior
Exploit / POC
HP Arcsight Multiple Products CVE-2012-5199 Local Arbitrary Code Execution Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
HP Arcsight Multiple Products CVE-2012-5199 Local Arbitrary Code Execution Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.