CVE-2011-1867

HIGH

Description

Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.

References

http://marc.info/?l=bugtraq&m=130982758604404&w=2

http://secunia.com/advisories/45129

http://securityreason.com/securityalert/8302

http://securitytracker.com/id?1025740

http://www.osvdb.org/73597

http://www.securityfocus.com/archive/1/518691/100/0/threaded

http://www.securityfocus.com/bid/48527

http://www.zerodayinitiative.com/advisories/ZDI-11-232/

https://exchange.xforce.ibmcloud.com/vulnerabilities/68348

Details

Source: MITRE

Published: 2011-07-11

Updated: 2018-10-09

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:hp:endpoint_admission_defense:5.0:*:*:*:*:*:*:*

cpe:2.3:a:hp:endpoint_admission_defense:5.0:e0101:*:*:*:*:*:*

cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*

cpe:2.3:a:hp:user_access_manager:5.0:*:*:*:*:*:*:*

cpe:2.3:a:hp:user_access_manager:5.0:e0101:*:*:*:*:*:*

Tenable Plugins

View all (4 total)

IDNameProductFamilySeverity
55907HP iNode Management Center Buffer Overflow (HPSB3C02687) (remote check)NessusGain a shell remotely
critical
55577HP iNode Management Center Remote Code Execution (HPSB3C02687)NessusWindows
critical
5984HP Intelligent Management Center Endpoint Admission Defense < 5.0 E0101P03 Code Execution VulnerabilityNessus Network MonitorGeneric
critical
5983HP Intelligent Management Center User Access Manager < 5.0 E0101P03 Code Execution VulnerabilityNessus Network MonitorGeneric
critical