Summary
This host is running HP System Management Homepage (SMH) and is prone to a command injection vulnerability.
Impact
Successful exploitation will allow an authenticated remote attacker to execute arbitrary commands.
Impact Level: Application
Solution
Upgrade to version 7.2.2 or higher. For updates, refer to http://h18013.www1.hp.com/products/servers/management/agents/index.html
Insight
The flaw is triggered when the ginkgosnmp.inc script uses the last path segment of the currently requested URL path in an exec call without properly sanitizing the content.
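The handling this class of flaw calls for, shown as an added Python example that is not code from HP SMH or from this advisory: the last path segment is percent-decoded, checked against a strict allowlist, and passed to the external program as a single argument with no shell. The URLs, the allowlist pattern and the helper command are assumptions made for illustration.

```python
import re
import subprocess
import sys
from urllib.parse import unquote, urlsplit

# Assumed policy: the segment is a short identifier. The first character must be
# alphanumeric so a value can never be read as a command-line option.
SAFE_SEGMENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")

# Stand-in for the external program (hypothetical): echoes its one argument.
HELPER = [sys.executable, "-c", "import sys; print(sys.argv[1])"]


def last_path_segment(url):
    """Return the percent-decoded last segment of the URL path."""
    path = urlsplit(url).path.rstrip("/")
    return unquote(path.rsplit("/", 1)[-1])


def validated_segment(url):
    """Return the segment if it matches the allowlist, else raise ValueError."""
    segment = last_path_segment(url)
    if not SAFE_SEGMENT.fullmatch(segment):
        raise ValueError(f"rejected path segment: {segment!r}")
    return segment


def is_accepted(url):
    """True when the URL's last path segment passes validation."""
    try:
        validated_segment(url)
        return True
    except ValueError:
        return False


def run_helper(url):
    """Run the helper with the segment as one argv element; no shell is involved."""
    argv = HELPER + [validated_segment(url)]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Constructed sample requests, not taken from the advisory.
    for url in ("https://smh.example/demo/handler/eth0",
                "https://smh.example/demo/handler/eth0%3Bid",
                "https://smh.example/demo/handler/-v"):
        print(url, "->", "accepted" if is_accepted(url) else "rejected")
```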
Affected
HP System Management Homepage (SMH) version 7.2.1.3 and prior
Detection
Get the installed version of HP SMH with the help of the detect NVT and check whether it is vulnerable.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2013-3576
- CVSS Base Score: 9.0
- CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C