cvelistv5 - CVE-2016-8523

CVE-2016-8523 (GCVE-0-2016-8523)

Vulnerability from cvelistv5

Published

2018-02-15 22:00

Modified

2024-09-16 17:32

Severity ?

CWE

Remote Arbitrary Code Execution

Summary

A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.

References

URL

Tags

security-alert@hpe.com	http://www.securityfocus.com/bid/95868	Third Party Advisory, VDB Entry
security-alert@hpe.com	https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349	Vendor Advisory
security-alert@hpe.com	https://www.exploit-db.com/exploits/41297/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95868	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41297/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	Hewlett Packard Enterprise	Smart Storage Administrator	Version: before v2.60.18.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:40.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349"
          },
          {
            "name": "95868",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95868"
          },
          {
            "name": "41297",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41297/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Smart Storage Administrator",
          "vendor": "Hewlett Packard Enterprise",
          "versions": [
            {
              "status": "affected",
              "version": "before v2.60.18.0"
            }
          ]
        }
      ],
      "datePublic": "2017-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Arbitrary Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-16T10:57:01",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349"
        },
        {
          "name": "95868",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95868"
        },
        {
          "name": "41297",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41297/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "DATE_PUBLIC": "2017-01-30T00:00:00",
          "ID": "CVE-2016-8523",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Smart Storage Administrator",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before v2.60.18.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hewlett Packard Enterprise"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Arbitrary Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349"
            },
            {
              "name": "95868",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95868"
            },
            {
              "name": "41297",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41297/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2016-8523",
    "datePublished": "2018-02-15T22:00:00Z",
    "dateReserved": "2016-10-07T00:00:00",
    "dateUpdated": "2024-09-16T17:32:45.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8523\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2018-02-15T22:29:01.027\",\"lastModified\":\"2024-11-21T02:59:31.833\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo arbitrario en HPE Smart Storage Administrator en versiones anteriores a la v2.60.18.0.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:smart_storage_administrator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.60.18.0\",\"matchCriteriaId\":\"EA81FEE5-B15E-4FC4-8AEE-61B8E6EA2659\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/95868\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41297/\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/95868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41297/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

ghsa-65fv-3v96-h767

Vulnerability from github

Published

2022-05-14 03:40

Modified

2022-05-14 03:40

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-15T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.",
  "id": "GHSA-65fv-3v96-h767",
  "modified": "2022-05-14T03:40:12Z",
  "published": "2022-05-14T03:40:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8523"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41297"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95868"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2016-8523

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.

Aliases

CVE-2016-8523

Aliases

CVE-2016-8523

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8523",
    "description": "A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.",
    "id": "GSD-2016-8523",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2016-8523"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8523"
      ],
      "details": "A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.",
      "id": "GSD-2016-8523",
      "modified": "2023-12-13T01:21:22.144386Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-alert@hpe.com",
        "DATE_PUBLIC": "2017-01-30T00:00:00",
        "ID": "CVE-2016-8523",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Smart Storage Administrator",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before v2.60.18.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Hewlett Packard Enterprise"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Arbitrary Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349",
            "refsource": "CONFIRM",
            "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349"
          },
          {
            "name": "95868",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95868"
          },
          {
            "name": "41297",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/41297/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:smart_storage_administrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.60.18.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2016-8523"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349"
            },
            {
              "name": "41297",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/41297/"
            },
            {
              "name": "95868",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95868"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-03-05T17:37Z",
      "publishedDate": "2018-02-15T22:29Z"
    }
  }
}

fkie_cve-2016-8523

Vulnerability from fkie_nvd

Published

2018-02-15 22:29

Modified

2024-11-21 02:59

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.

References

URL	Tags
security-alert@hpe.com	http://www.securityfocus.com/bid/95868	Third Party Advisory, VDB Entry
security-alert@hpe.com	https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349	Vendor Advisory
security-alert@hpe.com	https://www.exploit-db.com/exploits/41297/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95868	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41297/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	hp	smart_storage_administrator	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:smart_storage_administrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA81FEE5-B15E-4FC4-8AEE-61B8E6EA2659",
              "versionEndExcluding": "2.60.18.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo arbitrario en HPE Smart Storage Administrator en versiones anteriores a la v2.60.18.0."
    }
  ],
  "id": "CVE-2016-8523",
  "lastModified": "2024-11-21T02:59:31.833",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-15T22:29:01.027",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95868"
    },
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349"
    },
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/41297/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/41297/"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2017-01673

Vulnerability from cnvd

Title

HP Smart Storage Administrator远程代码执行漏洞

Description

HP Smart Storage Administrator是美国惠普公司一套用于执行复杂任务的存储配置工具。 HP Smart Storage Administrator存在安全漏洞，允许远程攻击者可利用该漏洞提交特殊的请求执行任意代码。

Severity

高

Patch Name

HP Smart Storage Administrator远程代码执行漏洞的补丁

Patch Description

HP Smart Storage Administrator是美国惠普公司一套用于执行复杂任务的存储配置工具。 HP Smart Storage Administrator存在安全漏洞，允许远程攻击者可利用该漏洞提交特殊的请求执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349

Reference

http://www.securityfocus.com/bid/95868

Impacted products

Name
['HP Smart Storage Administrator 2.40.13.0', 'HP Smart Storage Administrator 2.30.6.0', 'HP Smart Storage Administrator 2.20.11.0', 'HP Smart Storage Administrator 2.10.14.0', 'HP Smart Storage Administrator 2.0.23.0', 'HP Smart Storage Administrator 1.60.17.0', 'HP Smart Storage Administrator 1.50.4.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95868"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8523",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8523"
    }
  },
  "description": "HP Smart Storage Administrator\u662f\u7f8e\u56fd\u60e0\u666e\u516c\u53f8\u4e00\u5957\u7528\u4e8e\u6267\u884c\u590d\u6742\u4efb\u52a1\u7684\u5b58\u50a8\u914d\u7f6e\u5de5\u5177\u3002\r\n\r\nHP Smart Storage Administrator\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Nicolas Mattiocco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01673",
  "openTime": "2017-02-21",
  "patchDescription": "HP Smart Storage Administrator\u662f\u7f8e\u56fd\u60e0\u666e\u516c\u53f8\u4e00\u5957\u7528\u4e8e\u6267\u884c\u590d\u6742\u4efb\u52a1\u7684\u5b58\u50a8\u914d\u7f6e\u5de5\u5177\u3002\r\n\r\nHP Smart Storage Administrator\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HP Smart Storage Administrator\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HP Smart Storage Administrator 2.40.13.0",
      "HP Smart Storage Administrator 2.30.6.0",
      "HP Smart Storage Administrator  2.20.11.0",
      "HP Smart Storage Administrator  2.10.14.0",
      "HP Smart Storage Administrator  2.0.23.0",
      "HP Smart Storage Administrator  1.60.17.0",
      "HP Smart Storage Administrator  1.50.4.0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95868",
  "serverity": "\u9ad8",
  "submitTime": "2017-02-14",
  "title": "HP Smart Storage Administrator\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-8523 (GCVE-0-2016-8523)

Vulnerability from cvelistv5

ghsa-65fv-3v96-h767

Vulnerability from github

gsd-2016-8523

Vulnerability from gsd

fkie_cve-2016-8523

Vulnerability from fkie_nvd

cnvd-2017-01673

Vulnerability from cnvd

Tags

Sightings

Nomenclature