HPE Intelligent Management Center PLAT 7.3 Port 2810 Service command injection
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.4 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as critical has been discovered in HPE Intelligent Management Center PLAT 7.3. Impacted is an unknown function of the component Port 2810 Service. Executing a manipulation can lead to command injection. This vulnerability appears as CVE-2017-5821. The attack may be performed from remote. There is no available exploit. It is advisable to implement a patch to correct this issue.
Details
A vulnerability was found in HPE Intelligent Management Center PLAT 7.3 (Log Management Software). It has been declared as very critical. This vulnerability affects an unknown functionality of the component Port 2810 Service. The manipulation with an unknown input leads to a command injection vulnerability. The CWE definition for the vulnerability is CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
The bug was discovered 05/15/2017. The weakness was presented 05/11/2017 by Robert Swiecki (sztivi) with Google Security Team as hpesbhf03746en_us as confirmed security bulletin (Website) via ZDI (Zero Day Initiative). The advisory is shared for download at h20564.www2.hpe.com. The public release was coordinated in cooperation with the vendor. This vulnerability was named CVE-2017-5821 since 02/01/2017. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 10/03/2020). The MITRE ATT&CK project declares the attack technique as T1202.
The vulnerability was handled as a non-public zero-day exploit for at least 121 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 100869 (H3C / HPE Intelligent Management Center PLAT < 7.3 E0504P04 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 371241 (HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability (HPESBHF03743EN_US,HPESBHF03746EN_US)).
Applying the patch 7.3 E0504P04 is able to eliminate this problem.Proper firewalling of tcp/2810 is able to address this issue. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (100869), SecurityFocus (BID 94238†) and SecurityTracker (ID 1038560†). See VDB-93544, VDB-101079, VDB-101220 and VDB-101221 for similar entries. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.hpe.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 9.6
VulDB Base Score: 9.8
VulDB Temp Score: 9.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Command injectionCWE: CWE-77 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 100869
Nessus Name: H3C / HPE Intelligent Management Center PLAT < 7.3 E0504P04 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: 7.3 E0504P04
Firewalling: 🔍
Timeline
11/10/2016 🔍01/10/2017 🔍
02/01/2017 🔍
05/11/2017 🔍
05/11/2017 🔍
05/15/2017 🔍
05/25/2017 🔍
05/26/2017 🔍
06/19/2017 🔍
02/15/2018 🔍
10/03/2020 🔍
Sources
Vendor: hpe.comAdvisory: hpesbhf03746en_us
Researcher: Robert Swiecki (sztivi)
Organization: Google Security Team
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2017-5821 (🔍)
GCVE (CVE): GCVE-0-2017-5821
GCVE (VulDB): GCVE-100-101788
SecurityFocus: 94238 - OpenSSL CVE-2016-7054 Denial of Service Vulnerability
OSVDB: - CVE-2017-5821 - Hp - Intelligent Management Center - High
SecurityTracker: 1038560
See also: 🔍
Entry
Created: 05/26/2017 21:39Updated: 10/03/2020 12:05
Changes: 05/26/2017 21:39 (88), 10/03/2020 12:05 (4)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.