HP Power Manager < 4.3.2 Buffer Overflow Vulnerability
Critical Nessus Network Monitor Plugin ID 5736
SynopsisThe power management application installed on the remote host is vulnerable to multiple attack vectors.
DescriptionVersions of HP Powere Manager earlier than 4.3.2 are potentially affected by a buffer overflow vulnerability because the application fails to properly sanitize user supplied in put to the 'Login' parameter of the login page. An unauthenticated, remote attacker could exploit this by sending a specially crafted HTTP request, resulting in arbitrary code execution.
SolutionUpgrade to HP Power Manager 4.3.2 or later.