HP Smart Update Manager Remote Unauthorized Access.

critical Nessus Plugin ID 128768

Synopsis

A software/firmware update application running on the remote host is affected by an authentication bypass vulnerability.

Description

The HPE Smart Update Manager running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to bypass authentication and execute arbitrary actions defined by the application.

Solution

Upgrade to HP Smart Update Manager 8.3.5 or later.

See Also

http://www.nessus.org/u?0a459a70

Plugin Details

Severity: Critical

ID: 128768

File Name: hp_sum_cve-2019-11988.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 9/13/2019

Updated: 2/24/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-11988

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:hp:smart_update_manager

Required KB Items: installed_sw/HP Smart Update Manager

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 5/31/2019

Vulnerability Publication Date: 5/31/2019

Reference Information

CVE: CVE-2019-11988

HP: HPESBMU03922