HP Power Manager Multiple Remote Code Execution Vulnerabilities Network Vulnerability

Summary

HP Power Manager is prone to multiple remote code-execution vulnerabilities because it fails to properly bounds-check user-supplied data. An attacker can exploit this issue to execute arbitrary code with SYSTEM privileges, resulting in a complete compromise of the affected computer. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Power Manager 4.2.10 are affected.

Solution

The vendor has released updates and an advisory. Please see the references for details.

References

http://h18000.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/index.html
http://h18004.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/dl/HPPM_Windows_Readme4210_Eng.zip
http://www.securityfocus.com/archive/1/509042
http://www.securityfocus.com/bid/37866
http://www.securityfocus.com/bid/37867
http://www.securityfocus.com/bid/37873

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3999, CVE-2009-4000

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
Arkeia Appliance Multiple Vulnerabilities
Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
b2ePMS Multiple SQL Injection Vulnerabilities
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability

Take action and discover your vulnerabilities