HP Web JetAdmin <=7.0 Multiple Vulnerabilities (XSS, Code Exe, DoS, more)

critical Nessus Plugin ID 12227

Synopsis

Arbitrary code may be run on the remote host.

Description

The remote HP Web Jetadmin installation is affected by multiple vulnerabilities. These include, but are not limited to, full remote administrative access. An attacker can execute code remotely with SYSTEM-level (or root) privileges by invoking the ExecuteFile function. The risk is compounded by the availability of working exploit code for multiple vulnerabilities in this product.

Solution

The issues are resolved in HP Web Jetadmin version 7.5.

See Also

http://www.nessus.org/u?7bedb551

http://web.archive.org/web/20081019091044/http://xforce.iss.net:80/xforce/xfdb/15989

Plugin Details

Severity: Critical

ID: 12227

File Name: jetroot.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 5/5/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/27/2004

Reference Information

BID: 9973, 10224