HPE Intelligent Management Center 7.2 E0403P06 Multiple Vulnerabilities

critical Nessus Plugin ID 99030

Synopsis

The version of HPE Intelligent Management Center on the remote host is affected by multiple vulnerabilities.

Description

The version of HPE Intelligent Management Center (IMC) running on the remote host is version 7.2 E0403P06. It is, therefore, affected by multiple vulnerabilities :

- A flaw exists in UrlAccessController when handling URIs with the doFilter() method. A remote attacker can exploit this, via a specially crafted request, to bypass authorization. (CVE-2017-5791)

- A flaw exists in CommonUtils due to improper sanitization of user-supplied input before using it in file operations. An authenticated, remote attacker can exploit this issue, via a specially crafted request that uses path traversal, to upload arbitrary files, which can then be used to execute arbitrary code.
(CVE-2017-5793)

- A flaw exists in FileUploadServlet due to improper sanitization of user-supplied input before using it in file operations. An authenticated, remote attacker can exploit this issue, via a specially crafted request that uses path traversal, to upload arbitrary files, which then can be used to execute arbitrary code.
(CVE-2017-5794)

- A flaw exists in FileDownloadServlet due to improper sanitization of user-supplied input to the 'fileName' parameter before using it in file operations. An authenticated, remote attacker can exploit this issue, via a specially crafted request that uses path traversal, to disclose the content of arbitrary files.
(CVE-2017-5795)

Solution

Upgrade to HPE Intelligent Management Center version 7.3 E0504P02 or later.

See Also

http://www.nessus.org/u?bca21dc8

http://www.nessus.org/u?d846d714

http://www.nessus.org/u?4cd43fa7

http://www.nessus.org/u?0a25071d

https://www.zerodayinitiative.com/advisories/ZDI-17-161/

https://www.zerodayinitiative.com/advisories/ZDI-17-163/

https://www.zerodayinitiative.com/advisories/ZDI-17-164/

https://www.zerodayinitiative.com/advisories/ZDI-17-165/

Plugin Details

Severity: Critical

ID: 99030

File Name: hp_imc_73_e0504p02.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 3/28/2017

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-5791

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:hp:intelligent_management_center

Exploit Ease: No known exploits are available

Patch Publication Date: 3/7/2017

Vulnerability Publication Date: 3/7/2017

Reference Information

CVE: CVE-2017-5791, CVE-2017-5793, CVE-2017-5794, CVE-2017-5795

BID: 96773, 96815

HP: HPESBHF03714, HPESBHF03715, HPESBHF03716, HPESBHF03717, emr_na-hpesbhf03714en_us, emr_na-hpesbhf03715en_us, emr_na-hpesbhf03716en_us, emr_na-hpesbhf03717en_us

ZDI: ZDI-17-161, ZDI-17-163, ZDI-17-164, ZDI-17-165