BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

HP System Management Homepage Command Injection Vulnerability

Disclosed June 10, 2013 | Fully Patched

Vulnerability Description:

A vulnerability in the HP System Management Homepage allows arbitrary commands to be executed on the vulnerable system because requested URLs are not properly escaped.

Vendors:

HP

Vulnerable Software/Devices:

HP System Management Homepage

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution

Exploitation of this vulnerability is possible by forming a malicious request and sending it to the affected server. Remote attackers who successfully exploit this vulnerability can execute arbitrary commands on the vulnerable system with the same rights as the web service.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 19734 - HP System Management Homepage Shell Metacharacters Command Execution

Mitigation:

Update to HP System Management Homepage v7.2.2.

Links:

CVE(s):

None