ID CVE-2012-5204
Summary Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1614.
References
Vulnerable Configurations
  • HP Intelligent Management Center (iMC) 5.1 E0202
    cpe:2.3:a:hp:intelligent_management_center:5.1:e0202
  • HP Intelligent Management Center (IMC) 5.1
    cpe:2.3:a:hp:intelligent_management_center:5.1
  • HP Intelligent Management Center (IMC) 5.0 E0101
    cpe:2.3:a:hp:intelligent_management_center:5.0:e0101
  • HP Intelligent Management Center (IMC) 5.0
    cpe:2.3:a:hp:intelligent_management_center:5.0
  • HP Intelligent Management Center (IMC) 5.1 E0101P01
    cpe:2.3:a:hp:intelligent_management_center:5.1:e0101p01
  • HP Intelligent Management Center (IMC) 5.0 E0101H03
    cpe:2.3:a:hp:intelligent_management_center:5.0:e0101h03
  • HP Intelligent Management Center (IMC) 5.0 E0101L01
    cpe:2.3:a:hp:intelligent_management_center:5.0:e0101l01
  • HP Intelligent Management Center (IMC) 5.0 E0101H04
    cpe:2.3:a:hp:intelligent_management_center:5.0:e0101h04
  • HP Intelligent Management Center (IMC) 5.0 E0101L02
    cpe:2.3:a:hp:intelligent_management_center:5.0:e0101l02
  • HP Intelligent Management Center (iMC) Enterprise Edition 5.1 E0202
    cpe:2.3:a:hp:intelligent_management_center:5.1:e0202:enterprise
  • HP Intelligent Management Center for Automated Network Manager 5.1 E0202
    cpe:2.3:a:hp:intelligent_management_center_for_automated_network_manager:5.1:e0202
CVSS
Base: 7.5 (as of 23-08-2016 - 21:28)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
metasploit via4
description This module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the IctDownloadServlet, in order to retrieve arbitrary files with SYSTEM privileges. This module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
id MSF:AUXILIARY/SCANNER/HTTP/HP_IMC_ICTDOWNLOADSERVLET_TRAVERSAL
last seen 2019-03-10
modified 2017-07-24
published 2013-04-02
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal.rb
title HP Intelligent Management IctDownloadServlet Directory Traversal
nessus via4
NASL family Gain a shell remotely
NASL id HP_IMC_52_E401.NASL
description The version of HP Intelligent Management Center running on the remote host is potentially affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in the 'opentopo_symbolid' parameter of the 'topoContent.jsf' script. (CVE-2012-5200) - Multiple code execution vulnerabilities exist. (CVE-2012-5201, CVE-2012-5209) - Multiple information disclosure vulnerabilities exist. (CVE-2012-5202, CVE-2012-5203, CVE-2012-5204, CVE-2012-5205, CVE-2012-5206, CVE-2012-5207, CVE-2012-5208, CVE-2012-5212, CVE-2012-5213)
last seen 2019-02-21
modified 2018-11-15
plugin id 65255
published 2013-03-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=65255
title HP Intelligent Management Center < 5.2 E401 Multiple Vulnerabilities
refmap via4
hp
  • HPSBGN02854
  • SSRT100881
  • SSRT101016
Last major update 24-08-2016 - 09:36
Published 09-03-2013 - 06:55
Back to Top