HP Power Manager Multiple Remote Code Execution Vulnerabilities Network Vulnerability

Summary

HP Power Manager is prone to multiple remote code-execution vulnerabilities because it fails to properly bounds-check user-supplied data. An attacker can exploit this issue to execute arbitrary code with SYSTEM privileges, resulting in a complete compromise of the affected computer. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Power Manager 4.2.10 are affected.

Solution

The vendor has released updates and an advisory. Please see the references for details.

References

http://h18000.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/index.html
http://h18004.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/dl/HPPM_Windows_Readme4210_Eng.zip
http://www.securityfocus.com/archive/1/509042
http://www.securityfocus.com/bid/37866
http://www.securityfocus.com/bid/37867
http://www.securityfocus.com/bid/37873

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3999, CVE-2009-4000
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache Struts ClassLoader Manipulation Vulnerabilities
ASP Inline Corporate Calendar SQL injection
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
ATutor password reminder SQL injection
68designs 68kb Multiple Remote File Include Vulnerabilities

Take action and discover your vulnerabilities