HP Intelligent Management Center 'mibFileUpload' Servlet Remote Code Execution Vulnerability
BID:58673
Info
| Bugtraq ID: | 58673 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-5201 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2013 12:00AM |
| Updated: | May 06 2013 10:33AM |
| Credit: | Andrea Micalizzi aka rgod |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
HP Intelligent Management Center is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise the affected computer.
Note: This issue was previously discussed in BID 58385 (Multiple HP Products Multiple Unspecified Remote Security Vulnerabilities), but has been given its own record to better document it.
The following product versions are affected:
- HP Intelligent Management Center Enterprise Edition 5.1 E0202 and prior versions
- HP Intelligent Management Center Standard Edition 5.1 E0202 and prior versions
- HP Intelligent Management Center for Automated Network Manager 5.1 E0202 and prior versions
Exploit / POC
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following Metasploit exploit code is available:
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- HP Homepage (HP)