HP Intelligent Management Center User Access Manager Datagram Parsing Code Execution

critical Nessus Plugin ID 63265


The remote host has a user access management application installed that is affected by a code execution vulnerability.


According to its version number, the HP Intelligent Management Center User Access Manager installed on the remote host is affected by a stack-based buffer overflow vulnerability. By sending a specially crafted datagram, a remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the privileges of the user running the affected application.


Upgrade to HP Intelligent Management Center User Access Manager 5.1 SP1 or later.

See Also




Plugin Details

Severity: Critical

ID: 63265

File Name: hp_imc_uac_51_sp1.nasl

Version: 1.6

Type: remote

Published: 12/14/2012

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:intelligent_management_center

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/4/2012

Vulnerability Publication Date: 8/29/2012

Exploitable With

Metasploit (HP Intelligent Management Center UAM Buffer Overflow)

Reference Information

CVE: CVE-2012-3274

BID: 55271