HP Operations Manager i (OMi) 9.1 / 9.2 RCE

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote host has an operations management application installed
that is affected by an unspecified code execution vulnerability.

Description :

The HP Operations Manager i (OMi) installed on the remote host is
version 9.1 or 9.2. It is, therefore, affected by an unspecified code
execution vulnerability that allows an authenticated, remote attacker
to execute arbitrary code by leveraging the OMi operator role.

See also :

http://www.nessus.org/u?87d5d6f0
http://www.securityfocus.com/archive/1/532177/30/0/threaded

Solution :

Apply the vendor-supplied patch.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 74253 ()

Bugtraq ID: 67570

CVE ID: CVE-2014-2607

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now