HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

According to the web server's banner, the version of HP System
Management Homepage (SMH) hosted on the remote web server is prior to
7.2.6. It is, therefore, affected by multiple vulnerabilities,
including remote code execution vulnerabilities, in several components
and third-party libraries :

- HP SMH (XSRF)
- libcurl
- OpenSSL

See also :

http://www.nessus.org/u?12cb3f9e
https://www.openssl.org/news/secadv/20150108.txt
https://www.smacktls.com/#freak
https://www.openssl.org/news/secadv/20150319.txt

Solution :

Upgrade to HP System Management Homepage (SMH) version 7.2.6 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false