Signature Detail

HTTP: Hewlett Packard Enterprise Vertica validateAdminConfig Remote Command Injection

A remote command injection vulnerability exists in the Management Console for Hewlett Packard Enterprise Vertica. Successful exploitation would allow the attacker to execute arbitrary OS commands in the underlying system as root privileges

Extended Description

The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.

Affected Products

• Hp vertica 7.0.0
• Hp vertica 7.0.2-10
• Hp vertica 7.0.2-7
• Hp vertica 7.0.2-8
• Hp vertica 7.1.0
• Hp vertica 7.1.0-1
• Hp vertica 7.1.0-2
• Hp vertica 7.1.0-3
• Hp vertica 7.1.0-4
• Hp vertica 7.1.1
• Hp vertica 7.1.1-10
• Hp vertica 7.1.1-11
• Hp vertica 7.1.1-12
• Hp vertica 7.1.1-2
• Hp vertica 7.1.1-3
• Hp vertica 7.1.1-4
• Hp vertica 7.1.1-5
• Hp vertica 7.1.1-6
• Hp vertica 7.1.1-7
• Hp vertica 7.1.1-8
• Hp vertica 7.1.1-9
• Hp vertica 7.1.2
• Hp vertica 7.1.2-1
• Hp vertica 7.1.2-10
• Hp vertica 7.1.2-11
• Hp vertica 7.1.2-2
• Hp vertica 7.1.2-3
• Hp vertica 7.1.2-4
• Hp vertica 7.1.2-5
• Hp vertica 7.1.2-6
• Hp vertica 7.1.2-7
• Hp vertica 7.1.2-8
• Hp vertica 7.1.2-9
• Hp vertica 7.2.0
• Hp vertica 7.2.1
• Hp vertica 7.2.1-1
• Hp vertica 7.2.1-3
• Hp vertica 7.2.1-4
• Hp vertica 7.2.1-5

References

• CVE: CVE-2016-2002