HPE Intelligent Management Center dbman Opcode 10008 Command Injection
Critical Nessus Plugin ID 100870
Synopsis
A network management system running on the remote host is affected by a command injection vulnerability.
Description
The HPE Intelligent Management Center (iMC) PLAT running on the remote host is affected by a command injection vulnerability in the dbman service due to improper validation of user-supplied input before passing it to a system call. An unauthenticated, remote attacker can exploit this, via a specially crafted opcode 10008 request, to inject and execute arbitrary OS commands with SYSTEM or root privileges.
Note that the HP iMC dbman service running on the remote host is reportedly affected by additional vulnerabilities; however, Nessus has not tested for these.
Solution
Upgrade to HPE iMC version 7.3 E0504P04 or later.