HP System Management Homepage 'iprange' Parameter Remote Code Execution Vulnerability

Bugtraq ID:	58817
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Apr 02 2013 12:00AM
Updated:	Apr 08 2013 05:48PM
Credit:	agix
Vulnerable:	HP System Management Homepage 7.0
Not Vulnerable:

HP System Management Homepage 'iprange' Parameter Remote Code Execution Vulnerability

HP System Management Homepage is prone to a remote code-execution vulnerability.

Successful exploits allow an attacker to execute arbitrary code in the context of the affected application.

HP System Management Homepage 7.1.1 and prior versions are vulnerable.

HP System Management Homepage 'iprange' Parameter Remote Code Execution Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/58817.rb

HP System Management Homepage 'iprange' Parameter Remote Code Execution Vulnerability

Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.

HP System Management Homepage 'iprange' Parameter Remote Code Execution Vulnerability

References:

• HP Homepage (HP)
  
• HP System Management Homepage (HP)