CVE-2011-1867HIGH
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.
References
http://marc.info/?l=bugtraq&m=130982758604404&w=2
http://secunia.com/advisories/45129
http://securityreason.com/securityalert/8302
http://securitytracker.com/id?1025740
http://www.securityfocus.com/archive/1/518691/100/0/threaded
http://www.securityfocus.com/bid/48527
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:hp:endpoint_admission_defense:5.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:endpoint_admission_defense:5.0:e0101:*:*:*:*:*:*
cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 55907 | HP iNode Management Center Buffer Overflow (HPSB3C02687) (remote check) | Nessus | Gain a shell remotely | critical |
| 55577 | HP iNode Management Center Remote Code Execution (HPSB3C02687) | Nessus | Windows | critical |
| 5984 | HP Intelligent Management Center Endpoint Admission Defense < 5.0 E0101P03 Code Execution Vulnerability | Nessus Network Monitor | Generic | critical |
| 5983 | HP Intelligent Management Center User Access Manager < 5.0 E0101P03 Code Execution Vulnerability | Nessus Network Monitor | Generic | critical |