Vulnerability Details : CVE-2013-4812
Public exploit exists!
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
Vulnerability category: Input validation, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2013-4812
Probability of exploitation activity in the next 30 days: 96.96%
Percentile, the proportion of vulnerabilities that are scored at or less: ~100%
Metasploit modules for CVE-2013-4812
- HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
  Disclosure Date: 2013-09-09
  First seen: 2020-04-26
  exploit/windows/http/hp_pcm_snac_update_certificates
  This module exploits a path traversal flaw in the HP ProCurve Manager SNAC Server. The vulnerability in the UpdateCertificatesServlet allows an attacker to upload arbitrary files, taking into account that binary writes aren't allowed. Additionally, authentication can
CVSS scores for CVE-2013-4812
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2013-4812
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4812
- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409
  Vendor Advisory
- http://www.securitytracker.com/id/1029010
  HP ProCurve Manager Bugs Let Remote Users Inject SQL Commands, Hijack Sessions, and Code Execution - SecurityTracker
- http://zerodayinitiative.com/advisories/ZDI-13-225/
  ZDI-13-225 | Zero Day Initiative
Products affected by CVE-2013-4812
- cpe:2.3:a:hp:procurve_manager:3.20:*:*:*:*:plus:*:*
- cpe:2.3:a:hp:procurve_manager:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:procurve_manager:4.0:*:*:*:*:plus:*:*
- cpe:2.3:a:hp:procurve_manager:3.20:*:*:*:*:*:*:*
- cpe:2.3:a:hp:identity_driven_manager:4.0:*:*:*:*:*:*:*