Vulnerabilities > CVE-2012-2006 - Remote Security vulnerability in HP Insight Management Agents Unspecified

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

microsoft

nessus

NVD

Published: 2012-05-02

Updated: 2019-02-26

Summary

Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to modify data or cause a denial of service via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Insight Management Agents 6.30.0.0 HP Insight Management Agents 6.31.0.0 HP Insight Management Agents 6.40.0.0 HP Insight Management Agents 7.0.0.0 HP Insight Management Agents 7.10.0.0 HP Insight Management Agents 7.20.0.0 HP Insight Management Agents 7.30.0.0 HP Insight Management Agents 7.40.0.0 HP Insight Management Agents 7.40.1.0 HP Insight Management Agents 7.41.0.0 HP Insight Management Agents 7.50.0.0 HP Insight Management Agents 7.51.0.0 HP Insight Management Agents 7.60.0.0 HP Insight Management Agents 7.70.0.0 HP Insight Management Agents 7.80.0.0 HP Insight Management Agents 7.90.0.0 HP Insight Management Agents 7.91.0.0 HP Insight Management Agents 7.95.0.0 HP Insight Management Agents 8.0.0.0 HP Insight Management Agents 8.1.0.0 HP Insight Management Agents 8.5 HP Insight Management Agents 8.10.0.0 HP Insight Management Agents 8.11.0.0 HP Insight Management Agents 8.15.0.0 HP Insight Management Agents 8.20.0.0 HP Insight Management Agents 8.22.0.0 HP Insight Management Agents 8.26.0.0 HP Insight Management Agents 8.30.0.0 HP Insight Management Agents 8.40.0.0 HP Insight Management Agents 8.50.0.0 HP Insight Management Agents 8.60.0.0 HP Insight Management Agents 8.70.0.0	33
OS	Microsoft Microsoft Windows 2003 Server * Microsoft Windows Server 2003 * Microsoft Windows Server 2008 -	4

Nessus

NASL family	Windows
NASL id	HP_INSIGHT_MGMT_AGENTS_WEB_VULNS.NASL
description	According to its version, the installation of HP Insight Management Agents on the remote host has multiple unspecified vulnerabilities, including cross-site scripting, cross-site request forgery, denial of service, and unauthorized modification.
last seen	2020-06-01
modified	2020-06-02
plugin id	59055
published	2012-05-09
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/59055
title	HP Insight Management Agents Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(59055); script_version("1.4"); script_cvs_date("Date: 2018/07/12 19:01:17"); script_cve_id( "CVE-2012-2003", "CVE-2012-2004", "CVE-2012-2005", "CVE-2012-2006" ); script_bugtraq_id(53341); script_name(english:"HP Insight Management Agents Multiple Vulnerabilities"); script_summary(english:"Checks file version"); script_set_attribute( attribute:"synopsis", value: "The management agent installed on the remote Windows host has multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "According to its version, the installation of HP Insight Management Agents on the remote host has multiple unspecified vulnerabilities, including cross-site scripting, cross-site request forgery, denial of service, and unauthorized modification." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03301267 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7efecd6b"); script_set_attribute( attribute:"solution", value:"Upgrade to HP Insight Management Agents 9.0.0.0 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/01"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:insight_management_agents"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("smb_hotfixes.nasl", "smb_enum_services.nasl"); script_require_ports(139, 445); exit(0); } include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_reg_query.inc"); include("misc_func.inc"); include("audit.inc"); # Covers the three services installed by HP Insight Management Agents installer: CqMgHost, CqMgServ, CqMgStor get_kb_list_or_exit('SMB/svc/CqMg*'); if (!is_accessible_share()) audit(AUDIT_FN_FAIL, 'is_accessible_share'); path = hotfix_get_systemroot() + "\system32\CpqMgmt\agentver.dll"; ver = hotfix_get_fversion(path:path); hotfix_check_fversion_end(); if (ver['error'] != HCF_OK) audit(AUDIT_VER_FAIL, path); else ver = ver['value']; ver = join(ver, sep:'.'); fix = '9.0.0.0'; if (ver_compare(ver:ver, fix:fix) >= 0) audit(AUDIT_INST_VER_NOT_VULN, 'HP Insight Management Agents', ver); port = kb_smb_transport(); set_kb_item(name:'www/0/XSRF', value:TRUE); set_kb_item(name:'www/0/XSS', value:TRUE); if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + ver + '\n Fixed Version : ' + fix + '\n'; security_warning(port:port, extra:report); } else security_warning(port);

Summary

Vulnerable Configurations

Nessus

References