HP Intelligent Management Center dbman opcode 10008 command injection

Added: 12/14/2017
CVE: CVE-2017-5816
BID: 98469

Background

HP Intelligent Management Center (IMC), also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities.

Problem

A remote, unauthenticated attacker could execute arbitrary commands by injecting them into an opcode 10008 request to the dbman service.

Resolution

See HPESBHF03745 for fix information.

References

http://www.zerodayinitiative.com/advisories/ZDI-17-340/
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us

Limitations

Exploit works on iMC PLAT v7.2 (E0403) Standard running on Windows.

Platforms

Windows

Back to exploit index