Vulnerability CVE-2013-4822 - CERT Civis.Net

Vulnerability Name:

CVE-2013-4822 (CCN-87794)

Assigned:

2013-10-08

Published:

2013-10-08

Updated:

2019-10-09

Summary:

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-4822

Source: CCN
Type: HP Security Bulletin HPSBGN02929 rev.1
HP Intelligent Management Center (iMC), HP IMC Branch Intelligent Management System Software Module (BIMS), and Comware Based Switches and Routers, Remote Code Execution, Disclosure of Information

Source: CCN
Type: SA55228
HP Intelligent Management Center Two Products Two Vulnerabilities

Source: CCN
Type: BID-62895
Multiple HP Products CVE-2013-4822 Remote Code Execution Vulnerability

Source: XF
Type: UNKNOWN
hp-imc-cve20134822-code-exec(87794)

Source: HP
Type: Vendor Advisory
HPSBGN02929

Source: CCN
Type: Packet Storm Security [10-22-2013]
HP Intelligent Management Center BIMS UploadServlet Directory Traversal

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-22-2013]

Source: CCN
Type: ZDI-13-238
Hewlett-Packard Intelligent Management Center BIMS UploadServlet Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:hp:imc_branch_intelligent_management_system_software_module:5.0:*:*:*:*:*:*:*

OR cpe:/a:hp:imc_branch_intelligent_management_system_software_module:5.1:*:*:*:*:*:*:*

OR cpe:/a:hp:imc_branch_intelligent_management_system_software_module:5.2:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:hp:intelligent_management_center:*:*:*:*:*:*:*:*

OR cpe:/a:hp:intelligent_management_center:5.0:*:*:*:*:*:*:*

OR cpe:/a:hp:intelligent_management_center:5.0:e0101:*:*:*:*:*:*

OR cpe:/a:hp:intelligent_management_center:5.0:e0101h03:*:*:*:*:*:*

OR cpe:/a:hp:intelligent_management_center:5.0:e0101h04:*:*:*:*:*:*

OR cpe:/a:hp:intelligent_management_center:5.0:e0101l01:*:*:*:*:*:*

OR cpe:/a:hp:intelligent_management_center:5.0:e0101l02:*:*:*:*:*:*

OR cpe:/a:hp:intelligent_management_center:5.1:*:*:*:*:*:*:*

OR cpe:/a:hp:intelligent_management_center:5.1:e0101p01:*:*:*:*:*:*

OR cpe:/a:hp:intelligent_management_center:5.2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:hp:intelligent_management_center:7.0:*:*:*:*:*:*:*

OR cpe:/a:hp:imc_branch_intelligent_management_system_software_module:5.2:*:*:*:*:*:*:*

Denotes that component is vulnerable