Vulnerability Details : CVE-2013-4824
Public exploit exists!
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2013-4824
Probability of exploitation activity in the next 30 days: 95.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2013-4824
-
HP Intelligent Management SOM Account Creation
Disclosure Date: 2013-10-08First seen: 2020-04-26auxiliary/admin/hp/hp_imc_som_create_accountThis module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the AccountService RpcServiceServlet from the SOM component, in order to create a SOM account with Account Management permissions. This module has been test
CVSS scores for CVE-2013-4824
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-4824
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4824
-
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547
HP Support for Technical Help and Troubleshooting | HP® Customer Service.Vendor Advisory
Products affected by CVE-2013-4824
- cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:imc_service_operation_management_software_module:-:*:*:*:*:*:*:*