Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:HPE-INJECTION-RCE

Severity

 Major

Recommended

 Yes

Recommended Action

 Drop

Category

 HTTP

Keywords

 HPE Intelligent Management Center wmiConfigContent Expression Language Injection

Release Date

 2017/08/31

Update Number

 2985

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: HPE Intelligent Management Center wmiConfigContent Expression Language Injection


An Expression Language injection vulnerability has been reported in HPE Intelligent Management Center. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary code under the security context of the SYSTEM user

Extended Description

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

Affected Products

  • Hp intelligent_management_center 7.3

References

  • CVE: CVE-2017-12526
  • URL: http://www.zerodayinitiative.com/advisories/zdi-17-690/
  • URL: https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03768en_us

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out