HP Power Manager Management Web Server Login Remote Code Execution Vulnerability Network Vulnerability

Summary

HP Power Manager is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied data. An attacker can exploit this issue to execute arbitrary code with SYSTEM credentials, resulting in a complete compromise of the affected computer. Failed exploit attempts will result in a denial-of-service condition.

Solution

The vendor has released updates and an advisory. Please see the references for details.

References

http://h18000.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/index.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01905743
http://www.securityfocus.com/archive/1/507697
http://www.securityfocus.com/archive/1/507708
http://www.securityfocus.com/bid/36933
http://www.zerodayinitiative.com/advisories/ZDI-09-081/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2685
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
Advanced Guestbook Index.PHP SQL Injection Vulnerability
AproxEngine Multiple Remote Input Validation Vulnerabilities
ALCASAR Remote Code Execution Vulnerability

Take action and discover your vulnerabilities