CVE-2013-4812

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://zerodayinitiative.com/advisories/ZDI-13-225/
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409	Vendor Advisory
http://secunia.com/advisories/54788
http://www.securitytracker.com/id/1029010

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:procurve_manager:3.20:::::plus::
	cpe:2.3:a:hp:procurve_manager:4.0:::::::*
	cpe:2.3:a:hp:procurve_manager:4.0:::::plus::
	cpe:2.3:a:hp:identity_driven_manager:4.0:::::::*
	cpe:2.3:a:hp:procurve_manager:3.20:::::::*

Information

Published : 2013-09-16 06:01

Updated : 2013-09-25 20:52

NVD link : CVE-2013-4812

Mitre link : CVE-2013-4812

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

hp

identity_driven_manager
procurve_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://zerodayinitiative.com/advisories/ZDI-13-225/", "name": "http://zerodayinitiative.com/advisories/ZDI-13-225/", "tags": [], "refsource": "MISC"}, {"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409", "name": "SSRT101115", "tags": ["Vendor Advisory"], "refsource": "HP"}, {"url": "http://secunia.com/advisories/54788", "name": "54788", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id/1029010", "name": "1029010", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-4812", "ASSIGNER": "hp-security-alert@hp.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-09-16T13:01Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hp:procurve_manager:3.20:*:*:*:*:plus:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:procurve_manager:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:procurve_manager:4.0:*:*:*:*:plus:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:identity_driven_manager:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:procurve_manager:3.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-09-26T03:52Z"}