SecurityTracker.com
SecurityTracker Archives

Category:   Application (Generic)  >   HPE Intelligent Management Center
Vendors:   HPE
HPE Intelligent Management Center PLAT Multiple Flaws Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID:  1039495
SecurityTracker URL:  http://securitytracker.com/id/1039495
CVE Reference:   CVE-2017-12554, CVE-2017-12556, CVE-2017-12557, CVE-2017-12558, CVE-2017-12559, CVE-2017-12560, CVE-2017-12561
Date:  Oct 4 2017
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.3 E0504P2 and before
Description:   Multiple vulnerabilities were reported in HPE Intelligent Management Center PLAT. A remote authenticated user can cause denial of service conditions on the target system. A remote user can execute arbitrary code on the target system.

A remote authenticated user can send specially crafted data to TCP port 8080 or 8443 to trigger an input validation flaw in the mibFileServlet servlet to rename arbitrary files and execute arbitrary code on the target system [CVE-2017-12554]. The code will run with System privileges.

A remote user can send specially crafted data to TCP port 8080 or 8443 to trigger a deserialization flaw in MibBrowserTopoFilterServlet to execute arbitrary code on the target system [CVE-2017-12556]. The code will run with System privileges.

A remote user can send specially crafted data to TCP port 8080 or 8443 to trigger a deserialization flaw in WebDMDebugServlet to execute arbitrary code on the target system [CVE-2017-12557]. The code will run with System privileges.

A remote user can send specially crafted data to TCP port 8080 or 8443 to trigger a deserialization flaw in WebDMServlet to execute arbitrary code on the target system [CVE-2017-12558]. The code will run with System privileges.
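The three servlet entries above describe one class of flaw: a servlet reconstructs objects from a client-supplied byte stream with no restriction on which classes the stream may name, so the attacker chooses what gets instantiated and what callable runs during loading. The example below is added here and is not HPE code; it uses Python's pickle in place of Java serialization to show the same pattern and its fix. The Reading type, the Gadget payload and both handlers are constructed for illustration. The lesson carries over to Java unchanged: the fix is an allow-list on the classes the stream is permitted to resolve (an ObjectInputFilter on the ObjectInputStream), not inspection of the bytes, because the attacker's callable runs before readObject() returns.

```python
"""Untrusted deserialisation: the flawed handler beside an allow-listed one.
Added example, not HPE code. Python pickle stands in for Java serialization;
Reading, Gadget and the handlers are constructed for this demonstration."""
import io
import os
import pickle
from typing import Any, Dict


class Reading:
    """The one type this hypothetical service legitimately accepts."""

    def __init__(self, oid: str, value: int):
        self.oid = oid
        self.value = value


class Gadget:
    """Constructed attacker object. A pickle stream carries instructions, not
    data: __reduce__ names the callable the receiver will invoke on load.
    os.getcwd stands in for os.system(...) so the demo stays harmless."""

    def __reduce__(self):
        return (os.getcwd, ())


def build_payload(obj: Any) -> bytes:
    return pickle.dumps(obj, protocol=4)


def vulnerable_handle(body: bytes) -> Any:
    """Flawed: reconstruct whatever the client sent. The callable named in the
    stream has already run by the time this function could inspect anything."""
    return pickle.loads(body)


class RestrictedUnpickler(pickle.Unpickler):
    """Only classes on the allow-list may be resolved from the stream; the
    check fires on the GLOBAL opcode, before any REDUCE can call anything."""

    def find_class(self, module: str, name: str):
        if module == __name__ and name == "Reading":
            return Reading
        raise pickle.UnpicklingError(f"{module}.{name} is not permitted in this stream")


def hardened_handle(body: bytes) -> Reading:
    obj = RestrictedUnpickler(io.BytesIO(body)).load()
    if not isinstance(obj, Reading):  # also pin the top-level type
        raise pickle.UnpicklingError(f"unexpected top-level type {type(obj).__name__}")
    return obj


def run_demo() -> Dict[str, bool]:
    """Exercise both handlers; results are returned so they can be checked."""
    legit = build_payload(Reading("1.3.6.1.2.1.1.3.0", 12345))
    attack = build_payload(Gadget())
    out: Dict[str, bool] = {}
    # 1. the flawed handler executes the attacker's chosen callable on load
    out["vulnerable_ran_callable"] = vulnerable_handle(attack) == os.getcwd()
    # 2. the allow-listed handler refuses the stream before anything runs
    try:
        hardened_handle(attack)
        out["hardened_blocked"] = False
    except pickle.UnpicklingError:
        out["hardened_blocked"] = True
    # 3. legitimate traffic still round-trips
    r = hardened_handle(legit)
    out["legit_roundtrip"] = (r.oid, r.value) == ("1.3.6.1.2.1.1.3.0", 12345)
    # 4. an allowed class wrapped in an unexpected container is still rejected
    try:
        hardened_handle(build_payload([Reading("1.3.6.1.2.1.1.1.0", 1)]))
        out["container_blocked"] = False
    except pickle.UnpicklingError:
        out["container_blocked"] = True
    return out


if __name__ == "__main__":
    for check, passed in run_demo().items():
        print(f"{check:26s} {'ok' if passed else 'FAIL'}")
```

The find_class override is the whole fix: everything the stream can name passes through it, so an allow-list there is equivalent to a Java serialFilter that rejects any class outside the expected set. Note that the attack stream never mentions Gadget at all, only the callable it resolves to, which is why filtering on "known bad" class names does not work.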

A remote authenticated user can send specially crafted data to TCP port 8080 or 8443 to trigger an input validation flaw in the mibFileServlet servlet to delete arbitrary files on the target system [CVE-2017-12559].

A remote authenticated user can send specially crafted data to TCP port 8080 or 8443 to trigger an input validation flaw in the mibFileServlet servlet to delete arbitrary directories on the target system [CVE-2017-12560].

A remote authenticated user can send specially crafted data to the dbman service on TCP port 2810 to trigger a use-after-free in the dbman service and cause denial of service conditions on the target system [CVE-2017-12561].
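The three mibFileServlet entries (rename, delete file, delete directory) are one pattern: a client-controlled file name is joined onto a server-side directory without confirming that the result stays inside it. The example below is added here and is illustrative Python, not HPE's servlet code; the directory layout, the single-component .mib name rule and the function names are assumptions. It shows the flawed join, the hardened check, and the symlink case that a plain string-prefix check misses.

```python
"""Vulnerable and hardened handling of a client-supplied file name for a
delete operation on a MIB directory. Added illustrative Python, not HPE's
servlet code; the layout, names and the .mib rule are assumptions."""
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Only a single flat path component ending in .mib is ever legitimate here.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}\.mib")


class PathOutsideRoot(ValueError):
    """Raised when a client-supplied name would reach outside the MIB directory."""


def unsafe_target(root: str, name: str) -> str:
    """The flawed pattern: join the client name onto the root and trust it.
    os.path.join discards `root` when `name` is absolute, and '..' walks out."""
    return os.path.normpath(os.path.join(root, name))


def safe_target(root: str, name: str) -> Path:
    """Hardened pattern: allow-list the name, then confirm the resolved path
    (symlinks followed) has the resolved root as its direct parent."""
    if not SAFE_NAME.fullmatch(name):
        raise PathOutsideRoot(f"rejected file name {name!r}")
    root_p = Path(root).resolve()
    target = (root_p / name).resolve()
    if target.parent != root_p:
        raise PathOutsideRoot(f"{name!r} resolves to {target}, outside {root_p}")
    return target


def delete_mib(root: str, name: str, hardened: bool = True) -> bool:
    """Delete a MIB file chosen by the client; True if a file was removed."""
    target = safe_target(root, name) if hardened else Path(unsafe_target(root, name))
    if target.is_file():
        target.unlink()
        return True
    return False


def run_demo() -> Dict[str, Optional[bool]]:
    """Build a throwaway layout (constructed) and exercise both code paths."""
    out: Dict[str, Optional[bool]] = {}
    with tempfile.TemporaryDirectory() as tmp:
        mibs = Path(tmp) / "mibs"
        mibs.mkdir()
        (mibs / "HP-MIB.mib").write_text("-- sample MIB (constructed)\n")
        secret = Path(tmp) / "secret.txt"  # a file outside the MIB directory
        secret.write_text("not yours\n")

        # 1. the flawed join walks out of the directory and deletes the outside file
        out["unsafe_deleted_outside"] = delete_mib(str(mibs), "../secret.txt", hardened=False)
        out["secret_survived_unsafe"] = secret.exists()
        secret.write_text("not yours\n")  # restore it for the hardened run

        # 2. hardened path: traversal, absolute and nested names are rejected outright
        for bad in ("../secret.txt", "/etc/passwd", "..\\secret.txt", "a/b.mib", ""):
            try:
                safe_target(str(mibs), bad)
                out[f"blocked:{bad}"] = False
            except PathOutsideRoot:
                out[f"blocked:{bad}"] = True

        # 3. a name that passes the allow-list but is a symlink pointing outside
        try:
            (mibs / "link.mib").symlink_to(secret)
        except OSError:  # platform without symlink permission: skip this check
            out["symlink_blocked"] = None
        else:
            try:
                safe_target(str(mibs), "link.mib")
                out["symlink_blocked"] = False
            except PathOutsideRoot:
                out["symlink_blocked"] = True
        out["secret_survived_hardened"] = secret.exists()

        # 4. the legitimate operation still works
        out["legit_deleted"] = delete_mib(str(mibs), "HP-MIB.mib")
        out["legit_gone"] = not (mibs / "HP-MIB.mib").exists()
    return out


if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check:28s} {result}")
```

The parent comparison after resolve() is what makes the check hold against symlinks planted inside the directory; a startswith() on the unresolved string would pass link.mib. The name allow-list is deliberately strict (one component, fixed extension) because a MIB manager has no reason to accept anything else, and a rename operation needs the same check on both the source and the destination name.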

Steven Seeley (mr_me) of Offensive Security (via Trend Micro's Zero Day Initiative) reported these vulnerabilities.

Impact:   A remote authenticated user can cause denial of service conditions on the target system.

A remote user can execute arbitrary code with System level privileges on the target system.

Solution:   HPE has issued a fix (7.3 E0506P03).
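The version strings above ("7.3 E0504P2 and before" affected, "7.3 E0506P03" fixed) do not sort as plain text: the E build number and the P patch number must be compared numerically, and P2 and P02 are the same patch. The script below is added here and is not an HPE tool; it parses IMC PLAT version strings, classifies each against this advisory's two boundaries, and triages a constructed host inventory. Builds between the last affected and the fixed release are reported as unknown rather than guessed, since the advisory does not classify them.

```python
"""Triage installed IMC PLAT versions against the ranges in this advisory.
Added example, not an HPE tool; the inventory lines are constructed."""
import re
from typing import Dict, List, NamedTuple


class ImcVersion(NamedTuple):
    major: int
    minor: int
    build: int  # the Exxxx build number
    patch: int  # the Pnn patch number; 0 when the string has no P suffix


# Matches strings such as "7.3 E0504P2" or "7.3 E0506P03" (whitespace optional).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\s*E(\d+)(?:P(\d+))?\s*$", re.IGNORECASE)


def parse_imc_version(text: str) -> ImcVersion:
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised IMC PLAT version string: {text!r}")
    major, minor, build, patch = m.groups()
    return ImcVersion(int(major), int(minor), int(build), int(patch or 0))


LAST_AFFECTED = parse_imc_version("7.3 E0504P2")  # "7.3 E0504P2 and before"
FIXED = parse_imc_version("7.3 E0506P03")         # the fix named in this advisory


def assess(text: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' (a build between the last
    affected and the fixed release, which the advisory does not classify)."""
    v = parse_imc_version(text)
    if v <= LAST_AFFECTED:
        return "affected"
    if v >= FIXED:
        return "fixed"
    return "unknown"


def triage_inventory(lines: List[str]) -> Dict[str, List[str]]:
    """Group hosts from 'host,version' lines by assessment. Unparsable versions
    go under 'unparsed' so no host silently drops out of the report."""
    groups: Dict[str, List[str]] = {"affected": [], "unknown": [], "fixed": [], "unparsed": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        try:
            groups[assess(version)].append(host.strip())
        except ValueError:
            groups["unparsed"].append(host.strip())
    return groups


# Constructed inventory for the demonstration.
SAMPLE_INVENTORY = [
    "# host,imc_plat_version",
    "imc-prod-01,7.3 E0504P2",
    "imc-prod-02,7.3 E0504P02",
    "imc-lab-01,7.2 E0403P10",
    "imc-dr-01,7.3 E0506P03",
    "imc-new-01,7.3 E0605",
    "imc-stage-01,7.3 E0505",
    "imc-old-01,version unknown",
]

if __name__ == "__main__":
    for group, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{group:9s} {', '.join(hosts) or '-'}")
```

Treat the "unknown" bucket as work, not as a pass: confirm those builds against the HPE advisories linked below before closing the finding. The version string should be taken from the running server, not from the installer that was originally deployed, since patches are applied in place.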

The HPE advisories are available at:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03777en_us
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03778en_us
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03781en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03782en_us

Vendor URL:  h20564.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03778en_us
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Red Hat Enterprise), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2019, SecurityGlobal.net LLC