Details of VAR-201802-0171

ID

VAR-201802-0171

CVE

CVE-2017-5794

TITLE

HPE Intelligent Management Center PLAT Remote arbitrary file download vulnerability

Trust: 0.8

sources: IVD: 38e7ab91-2f84-4eff-8f7b-27ede7b52d7c // CNVD: CNVD-2018-05719

DESCRIPTION

A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within FileUploadServlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. The solution provides network-wide visibility for comprehensive management of resources, services and users

Trust: 3.06

sources: NVD: CVE-2017-5794 // JVNDB: JVNDB-2017-012580 // ZDI: ZDI-17-164 // CNVD: CNVD-2018-05719 // IVD: 38e7ab91-2f84-4eff-8f7b-27ede7b52d7c // VULMON: CVE-2017-5794

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 38e7ab91-2f84-4eff-8f7b-27ede7b52d7c // CNVD: CNVD-2018-05719

AFFECTED PRODUCTS

vendor:	hp	model:	intelligent management center	scope:	eq	version:	7.2	Trust: 1.6
vendor:	hewlett packard	model:	hpe intelligent management center	scope:	eq	version:	7.2 e0403p06	Trust: 0.8
vendor:	hewlett packard	model:	intelligent management center	scope:	-	version:	-	Trust: 0.7
vendor:	hp	model:	intelligent management center imc plat e0403p06	scope:	eq	version:	7.2	Trust: 0.6
vendor:	intelligent management center	model:	-	scope:	eq	version:	7.2	Trust: 0.2

sources: IVD: 38e7ab91-2f84-4eff-8f7b-27ede7b52d7c // ZDI: ZDI-17-164 // CNVD: CNVD-2018-05719 // JVNDB: JVNDB-2017-012580 // CNNVD: CNNVD-201802-463 // NVD: CVE-2017-5794

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-5794
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-5794
value:	HIGH
Trust: 0.8
ZDI:	CVE-2017-5794
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2018-05719
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201802-463
value:	CRITICAL
Trust: 0.6
IVD:	38e7ab91-2f84-4eff-8f7b-27ede7b52d7c
value:	CRITICAL
Trust: 0.2
VULMON:	CVE-2017-5794
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-5794
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.6
CNVD:	CNVD-2018-05719
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	38e7ab91-2f84-4eff-8f7b-27ede7b52d7c
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-5794
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 38e7ab91-2f84-4eff-8f7b-27ede7b52d7c // ZDI: ZDI-17-164 // CNVD: CNVD-2018-05719 // VULMON: CVE-2017-5794 // JVNDB: JVNDB-2017-012580 // CNNVD: CNNVD-201802-463 // NVD: CVE-2017-5794

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-012580 // NVD: CVE-2017-5794

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-463

TYPE

Input validation

Trust: 0.8

sources: IVD: 38e7ab91-2f84-4eff-8f7b-27ede7b52d7c // CNNVD: CNNVD-201802-463

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012580

PATCH

title:	HPESBHF03715	url:	https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03715en_us	Trust: 0.8
title:	Hewlett Packard Enterprise has issued an update to correct this vulnerability.	url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03715en_us	Trust: 0.7
title:	Patch for HPE Intelligent Management Center PLAT Remote Any File Download Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/122087	Trust: 0.6
title:	HPE Intelligent Management Center PLAT Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78542	Trust: 0.6

sources: ZDI: ZDI-17-164 // CNVD: CNVD-2018-05719 // JVNDB: JVNDB-2017-012580 // CNNVD: CNNVD-201802-463

EXTERNAL IDS

db:	NVD	id:	CVE-2017-5794	Trust: 4.0
db:	CNVD	id:	CNVD-2018-05719	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-463	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-012580	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4055	Trust: 0.7
db:	ZDI	id:	ZDI-17-164	Trust: 0.7
db:	IVD	id:	38E7AB91-2F84-4EFF-8F7B-27EDE7B52D7C	Trust: 0.2
db:	VULMON	id:	CVE-2017-5794	Trust: 0.1

REFERENCES

url:	https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03715en_us	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5794	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5794	Trust: 0.8
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03715en_us	Trust: 0.7
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-17-164 // CNVD: CNVD-2018-05719 // VULMON: CVE-2017-5794 // JVNDB: JVNDB-2017-012580 // CNNVD: CNNVD-201802-463 // NVD: CVE-2017-5794

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-17-164

SOURCES

db:	IVD	id:	38e7ab91-2f84-4eff-8f7b-27ede7b52d7c
db:	ZDI	id:	ZDI-17-164
db:	CNVD	id:	CNVD-2018-05719
db:	VULMON	id:	CVE-2017-5794
db:	JVNDB	id:	JVNDB-2017-012580
db:	CNNVD	id:	CNNVD-201802-463
db:	NVD	id:	CVE-2017-5794

LAST UPDATE DATE

2024-11-23T23:02:13.346000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-164	date:	2017-03-11T00:00:00
db:	CNVD	id:	CNVD-2018-05719	date:	2019-05-17T00:00:00
db:	VULMON	id:	CVE-2017-5794	date:	2018-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-012580	date:	2018-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201802-463	date:	2018-02-24T00:00:00
db:	NVD	id:	CVE-2017-5794	date:	2024-11-21T03:28:23.390

SOURCES RELEASE DATE

db:	IVD	id:	38e7ab91-2f84-4eff-8f7b-27ede7b52d7c	date:	2018-03-20T00:00:00
db:	ZDI	id:	ZDI-17-164	date:	2017-03-11T00:00:00
db:	CNVD	id:	CNVD-2018-05719	date:	2018-03-20T00:00:00
db:	VULMON	id:	CVE-2017-5794	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012580	date:	2018-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201802-463	date:	2018-02-24T00:00:00
db:	NVD	id:	CVE-2017-5794	date:	2018-02-15T22:29:05.840