Detections
Analytics

HP DDMI on Windows Unspecified Remote Agent Access

high Nessus Plugin ID 39617

Language:

Synopsis

The remote SOAP server allows unauthorized access.

Description

The remote host is running an HP Discovery & Dependency Mapping Inventory (DDMI) agent to facilitate communications between a central DDMI server and workstations that are part of the deployed inventory process.

The version of the agent on the remote host fails to check for a valid SSL certificate from a known DDMI server before accepting requests and processing them. An unauthenticated, remote attacker can leverage this issue to disclose sensitive information about installed software, read the contents of arbitrary files, launch arbitrary processes with SYSTEM privileges, etc.

Solution

Apply Patch Number HPED_00306 (for DDMI version 7.5x) / HPED_00304 (version 2.5x).

See Also

https://www.securityfocus.com/archive/1/504134/30/0/threaded

https://www.securityfocus.com/archive/1/508942/30/0/threaded

Plugin Details

Severity: High

ID: 39617

File Name: hp_ddmi_agent_access.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 7/6/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:hp:discovery%26dependency_mapping_inventory

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/4/2009

Reference Information

CVE: CVE-2009-1419

BID: 35250

Secunia: 35270