Sign-up

ID

VAR-201802-0170


CVE

CVE-2017-5793


TITLE

HPE Intelligent Management Center PLAT Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012579

DESCRIPTION

A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within CommonUtils. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. The solution provides network-wide visibility for comprehensive management of resources, services and users

Trust: 2.97

sources: NVD: CVE-2017-5793 // JVNDB: JVNDB-2017-012579 // ZDI: ZDI-17-163 // CNVD: CNVD-2018-05720 // IVD: 2d58912c-c708-4668-9146-2bcf25ac5542

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 2d58912c-c708-4668-9146-2bcf25ac5542 // CNVD: CNVD-2018-05720

AFFECTED PRODUCTS

vendor:hpmodel:intelligent management centerscope:eqversion:7.2

Trust: 1.6

vendor:hewlett packardmodel:hpe intelligent management centerscope:eqversion:7.2 e0403p06

Trust: 0.8

vendor:hewlett packardmodel:intelligent management centerscope: - version: -

Trust: 0.7

vendor:hpmodel:intelligent management center imc plat e0403p06scope:eqversion:7.2

Trust: 0.6

vendor:intelligent management centermodel: - scope:eqversion:7.2

Trust: 0.2

sources: IVD: 2d58912c-c708-4668-9146-2bcf25ac5542 // ZDI: ZDI-17-163 // CNVD: CNVD-2018-05720 // JVNDB: JVNDB-2017-012579 // CNNVD: CNNVD-201802-464 // NVD: CVE-2017-5793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5793
value: HIGH

Trust: 1.0

NVD: CVE-2017-5793
value: HIGH

Trust: 0.8

ZDI: CVE-2017-5793
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-05720
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201802-464
value: CRITICAL

Trust: 0.6

IVD: 2d58912c-c708-4668-9146-2bcf25ac5542
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2017-5793
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

CNVD: CNVD-2018-05720
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 2d58912c-c708-4668-9146-2bcf25ac5542
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-5793
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 2d58912c-c708-4668-9146-2bcf25ac5542 // ZDI: ZDI-17-163 // CNVD: CNVD-2018-05720 // JVNDB: JVNDB-2017-012579 // CNNVD: CNNVD-201802-464 // NVD: CVE-2017-5793

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-012579 // NVD: CVE-2017-5793

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-464

TYPE

Input validation

Trust: 0.8

sources: IVD: 2d58912c-c708-4668-9146-2bcf25ac5542 // CNNVD: CNNVD-201802-464

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012579

PATCH
title:HPESBHF03717url:https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03717en_us
Trust: 0.8
title:Hewlett Packard Enterprise has issued an update to correct this vulnerability.url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03717en_us
Trust: 0.7
title:HPE Intelligent Management Center PLAT remotely executes patches for arbitrary code vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/122091
Trust: 0.6
title:HPE Intelligent Management Center PLAT Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78543
Trust: 0.6
sources:
            
            
            ZDI: ZDI-17-163 // 
            
            
            
            CNVD: CNVD-2018-05720 // 
            
            
            
            JVNDB: JVNDB-2017-012579 // 
            
            
            
            CNNVD: CNNVD-201802-464

EXTERNAL IDS
db:NVDid:CVE-2017-5793
Trust: 3.9
db:CNVDid:CNVD-2018-05720
Trust: 0.8
db:CNNVDid:CNNVD-201802-464
Trust: 0.8
db:JVNDBid:JVNDB-2017-012579
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-4054
Trust: 0.7
db:ZDIid:ZDI-17-163
Trust: 0.7
db:IVDid:2D58912C-C708-4668-9146-2BCF25AC5542
Trust: 0.2
sources:
            
            
            IVD: 2d58912c-c708-4668-9146-2bcf25ac5542 // 
            
            
            
            ZDI: ZDI-17-163 // 
            
            
            
            CNVD: CNVD-2018-05720 // 
            
            
            
            JVNDB: JVNDB-2017-012579 // 
            
            
            
            CNNVD: CNNVD-201802-464 // 
            
            
            
            NVD: CVE-2017-5793

REFERENCES
url:https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03717en_us
Trust: 2.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5793
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5793
Trust: 0.8
url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03717en_us
Trust: 0.7
sources:
            
            
            ZDI: ZDI-17-163 // 
            
            
            
            CNVD: CNVD-2018-05720 // 
            
            
            
            JVNDB: JVNDB-2017-012579 // 
            
            
            
            CNNVD: CNNVD-201802-464 // 
            
            
            
            NVD: CVE-2017-5793

CREDITS
rgod
Trust: 0.7
sources:
            
            
            ZDI: ZDI-17-163

SOURCES
db:IVDid:2d58912c-c708-4668-9146-2bcf25ac5542
db:ZDIid:ZDI-17-163
db:CNVDid:CNVD-2018-05720
db:JVNDBid:JVNDB-2017-012579
db:CNNVDid:CNNVD-201802-464
db:NVDid:CVE-2017-5793

LAST UPDATE DATE
2024-08-14T15:34:26.455000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-17-163date:2017-03-11T00:00:00
db:CNVDid:CNVD-2018-05720date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2017-012579date:2018-03-23T00:00:00
db:CNNVDid:CNNVD-201802-464date:2018-02-24T00:00:00
db:NVDid:CVE-2017-5793date:2018-03-07T16:02:17.860

SOURCES RELEASE DATE
db:IVDid:2d58912c-c708-4668-9146-2bcf25ac5542date:2018-03-20T00:00:00
db:ZDIid:ZDI-17-163date:2017-03-11T00:00:00
db:CNVDid:CNVD-2018-05720date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2017-012579date:2018-03-23T00:00:00
db:CNNVDid:CNNVD-201802-464date:2018-02-24T00:00:00
db:NVDid:CVE-2017-5793date:2018-02-15T22:29:05.793