HP Power Manager < 4.3.2

Critical | Nessus Plugin ID 51200

Synopsis

The power management application installed on the remote host has a buffer overflow vulnerability.

Description

The installed version of HP Power Manager is earlier than 4.3.2 and is therefore affected by a buffer overflow vulnerability. Input to the 'Login' parameter of the login page is not properly sanitized, which can result in a stack-based buffer overflow.

An unauthenticated, remote attacker could exploit this by sending a specially crafted HTTP request, resulting in arbitrary code execution.

Solution

Upgrade to HP Power Manager 4.3.2 or later.

See Also

https://www.tenable.com/security/research/tra-2010-05

https://www.zerodayinitiative.com/advisories/ZDI-10-292/

http://www.nessus.org/u?c8ecd9c2

Plugin Details

Severity: Critical

ID: 51200

File Name: hp_power_mgr_4_3_2.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 12/16/2010

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:power_manager

Required KB Items: www/hp_power_mgr

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 12/16/2010

Vulnerability Publication Date: 12/16/2010

Reference Information

CVE: CVE-2010-4113

BID: 45438