HomePentest-Tools.com Logo

HP/HPE System Management Homepage (SMH) Command Injection Vulnerability (HPSBMU02917) CVE-2013-3576

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

HP/HPE System Management Homepage (SMH) is prone to a command injection vulnerability.

Risk description

The flaw is triggered when the ginkgosnmp.inc script uses the last path segment of the current requested URL path in an exec call without properly sanitizing the content. Successful exploitation will allow an authenticated remote attacker to execute arbitrary commands.

Recommendation

Update to version 7.2.2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 14, 2013
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available