Showing 1 - 2 of 2

CVE-2017-8982

Status Candidate

Overview

A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.

HPE iMC 7.3 Remote Code Execution: Posted May 18, 2018; Authored by mr_me, trendytofu | Site metasploit.com; This Metasploit module exploits an expression language injection vulnerability, along with an authentication bypass vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04 to achieve remote code execution. The HP iMC server suffers from multiple vulnerabilities allows unauthenticated attacker to execute arbitrary Expression Language via the beanName parameter, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 8080 and 8443 by default. This Metasploit module has been tested successfully on iMC PLAT v7.3(E0504P02) on Windows 2k12r2 x64 (EN).; tags | exploit, remote, arbitrary, tcp, vulnerability, code execution, bypass; systems | windows; advisories | CVE-2017-12500, CVE-2017-8982; SHA-256 | b166549e96ca5f700cae312fff860951240a2ec47a3b5fe73610d4185f4d4fe2; Download | Favorite | View

HPE Security Bulletin HPESBHF03809 1: Posted Jan 29, 2018; Authored by Hewlett Packard Enterprise | Site hpe.com; HPE Security Bulletin HPESBHF03809 1 - A security vulnerability has been identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0504P02. This vulnerability could be remotely exploited to allow remote authentication bypass. Revision 1 of this advisory.; tags | advisory, remote; advisories | CVE-2017-8982; SHA-256 | 899f031fca7ebb415b6fc38f26f55e9f0b3848e6dcc01a5e142117df302c5603; Download | Favorite | View

Page 1 of 1 Back 1 Next