Summary
HP Power Manager is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied data.
An attacker can exploit this issue to execute arbitrary code with SYSTEM credentials, resulting in a complete compromise of the affected computer. Failed exploit attempts will result in a denial-of-service condition.
Solution
The vendor has released updates and an advisory. Please see the references for details.
References
- http://h18000.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/index.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01905743
- http://www.securityfocus.com/archive/1/507697
- http://www.securityfocus.com/archive/1/507708
- http://www.securityfocus.com/bid/36933
- http://www.zerodayinitiative.com/advisories/ZDI-09-081/
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-2685
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C