Summary
HP Power Manager is prone to multiple remote code-execution vulnerabilities because it fails to properly bounds-check user-supplied data.
An attacker can exploit this issue to execute arbitrary code with SYSTEM privileges, resulting in a complete compromise of the affected computer. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to Power Manager 4.2.10 are affected.
Solution
The vendor has released updates and an advisory. Please see the references for details.
References
- http://h18000.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/index.html
- http://h18004.www1.hp.com/products/servers/proliantstorage/power-protection/software/power-manager/dl/HPPM_Windows_Readme4210_Eng.zip
- http://www.securityfocus.com/archive/1/509042
- http://www.securityfocus.com/bid/37866
- http://www.securityfocus.com/bid/37867
- http://www.securityfocus.com/bid/37873
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-3999, CVE-2009-4000 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities