Vulnerabilities > CVE-2012-5201 - Unspecified vulnerability in HP products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
hp
critical
nessus
exploit available
metasploit
NVD
Published: 2013-03-09
Updated: 2019-10-09

Summary

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.

Vulnerable Configurations

Part Description Count
Application
Hp
11

Exploit-Db

descriptionHP Intelligent Management Center Arbitrary File Upload. CVE-2012-5201. Remote exploit for windows platform
idEDB-ID:24891
last seen2016-02-03
modified2013-03-26
published2013-03-26
reportermetasploit
sourcehttps://www.exploit-db.com/download/24891/
titleHP Intelligent Management Center Arbitrary File Upload

Metasploit

descriptionThis module exploits a code execution flaw in HP Intelligent Management Center. The vulnerability exists in the mibFileUpload which is accepting unauthenticated file uploads and handling zip contents in an insecure way. Combining both weaknesses a remote attacker can accomplish arbitrary file upload. This module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
idMSF:EXPLOIT/WINDOWS/HTTP/HP_IMC_MIBFILEUPLOAD
last seen2020-05-24
modified2017-09-14
published2013-03-24
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/hp_imc_mibfileupload.rb
titleHP Intelligent Management Center Arbitrary File Upload

Nessus

NASL familyGain a shell remotely
NASL idHP_IMC_52_E401.NASL
descriptionThe version of HP Intelligent Management Center running on the remote host is potentially affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in the
last seen2020-06-01
modified2020-06-02
plugin id65255
published2013-03-13
reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/65255
titleHP Intelligent Management Center < 5.2 E401 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(65255);
  script_version("1.16");
  script_cvs_date("Date: 2018/11/15 20:50:22");

  script_cve_id(
    "CVE-2012-5200",
    "CVE-2012-5201",
    "CVE-2012-5202",
    "CVE-2012-5203",
    "CVE-2012-5204",
    "CVE-2012-5205",
    "CVE-2012-5206",
    "CVE-2012-5207",
    "CVE-2012-5208",
    "CVE-2012-5209",
    "CVE-2012-5212",
    "CVE-2012-5213"
  );
  script_bugtraq_id(
    58293, 
    58672, 
    58673, 
    58675, 
    58676, 
    58677,
    58965,
    58966,
    58968,
    58969,
    58970,
    58972,
    58973
  );

  script_name(english:"HP Intelligent Management Center < 5.2 E401 Multiple Vulnerabilities");
  script_summary(english:"Checks version");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The version of HP Intelligent Management Center running on the remote
host is affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of HP Intelligent Management Center running on the remote
host is potentially affected by multiple vulnerabilities :

  - A cross-site scripting vulnerability exists in the
    'opentopo_symbolid' parameter of the 'topoContent.jsf'
    script. (CVE-2012-5200)

  - Multiple code execution vulnerabilities exist.
    (CVE-2012-5201, CVE-2012-5209)

  - Multiple information disclosure vulnerabilities exist.
    (CVE-2012-5202, CVE-2012-5203, CVE-2012-5204,
     CVE-2012-5205, CVE-2012-5206, CVE-2012-5207,
     CVE-2012-5208, CVE-2012-5212, CVE-2012-5213)"
  );

  # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03689276-1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?935b94fc");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525928/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2013/Mar/44");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20120920065410/http://security.inshell.net/advisory/32");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-050/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-051/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-052/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-053/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-054/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-057/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-060/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-061/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-062/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-063/");
  script_set_attribute(attribute:"solution", value:"Upgrade to 5.2 E401 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'HP Intelligent Management Center Arbitrary File Upload');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/13");

  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:intelligent_management_center");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gain a shell remotely");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies('hp_imc_detect.nbin');
  script_require_ports('Services/activemq', 61616);
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Figure out which port to use
port = get_service(svc:'activemq', default:61616, exit_on_fail:TRUE);

version = get_kb_item_or_exit('hp/hp_imc/'+port+'/version');

# Versions 5.1 E0202 and earlier are affected
if (version =~ '^([0-4]\\.|5\\.(0\\-|1\\-E0([0-9]{1,2}|[01][0-9]{2}|20[02])([^0-9]|$)))')
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 5.2-E0401' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, 'HP Intelligent Management Center', port, version);

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/120949/hp_imc_mibfileupload.rb.txt
idPACKETSTORM:120949
last seen2016-12-05
published2013-03-26
reporterrgod
sourcehttps://packetstormsecurity.com/files/120949/HP-Intelligent-Management-Center-Arbitrary-File-Upload.html
titleHP Intelligent Management Center Arbitrary File Upload

Saint

bid58385
descriptionHP Intelligent Management Center mibFileUpload Servlet Unrestricted File Creation
osvdb91026
titlehp_imc_mibfileupload_servlet
typeremote

References