HP System Management Homepage Command Injection Vulnerability-July2013 Network Vulnerability

Summary

This host is running HP System Management Homepage (SMH) and is prone to command injection vulnerability.

Impact

Successful exploitation will allow an authenticated remote attacker to execute arbitrary commands. Impact Level: Application

Solution

Upgrade to version 7.2.2, or higher. For Updates refer to, http://h18013.www1.hp.com/products/servers/management/agents/index.html

Insight

The flaw is triggered when the ginkgosnmp.inc script uses the last path segment of the current requested URL path in an exec call without properly sanitizing the content.

Affected

HP System Management Homepage (SMH) version 7.2.1.3 and prior

Detection

Get the installed version of HP SMH with the help of detect NVT and check it is vulnerable or not.

References

http://www.exploit-db.com/exploits/26420
http://www.kb.cert.org/vuls/id/735364

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-3576
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

ALCASAR Remote Code Execution Vulnerability
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
ASP Inline Corporate Calendar SQL injection
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
AjaxPortal 'di.php' File Inclusion Vulnerability

Take action and discover your vulnerabilities