Vulnerabilities > CVE-2012-5204 - Unspecified vulnerability in HP products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
hp
nessus
metasploit

Summary

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1614.

Metasploit

descriptionThis module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the IctDownloadServlet, in order to retrieve arbitrary files with SYSTEM privileges. This module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
idMSF:AUXILIARY/SCANNER/HTTP/HP_IMC_ICTDOWNLOADSERVLET_TRAVERSAL
last seen2020-01-10
modified2017-07-24
published2013-04-02
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5204
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal.rb
titleHP Intelligent Management IctDownloadServlet Directory Traversal

Nessus

NASL familyGain a shell remotely
NASL idHP_IMC_52_E401.NASL
descriptionThe version of HP Intelligent Management Center running on the remote host is potentially affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in the
last seen2020-06-01
modified2020-06-02
plugin id65255
published2013-03-13
reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/65255
titleHP Intelligent Management Center < 5.2 E401 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(65255);
  script_version("1.16");
  script_cvs_date("Date: 2018/11/15 20:50:22");

  script_cve_id(
    "CVE-2012-5200",
    "CVE-2012-5201",
    "CVE-2012-5202",
    "CVE-2012-5203",
    "CVE-2012-5204",
    "CVE-2012-5205",
    "CVE-2012-5206",
    "CVE-2012-5207",
    "CVE-2012-5208",
    "CVE-2012-5209",
    "CVE-2012-5212",
    "CVE-2012-5213"
  );
  script_bugtraq_id(
    58293, 
    58672, 
    58673, 
    58675, 
    58676, 
    58677,
    58965,
    58966,
    58968,
    58969,
    58970,
    58972,
    58973
  );

  script_name(english:"HP Intelligent Management Center < 5.2 E401 Multiple Vulnerabilities");
  script_summary(english:"Checks version");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The version of HP Intelligent Management Center running on the remote
host is affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of HP Intelligent Management Center running on the remote
host is potentially affected by multiple vulnerabilities :

  - A cross-site scripting vulnerability exists in the
    'opentopo_symbolid' parameter of the 'topoContent.jsf'
    script. (CVE-2012-5200)

  - Multiple code execution vulnerabilities exist.
    (CVE-2012-5201, CVE-2012-5209)

  - Multiple information disclosure vulnerabilities exist.
    (CVE-2012-5202, CVE-2012-5203, CVE-2012-5204,
     CVE-2012-5205, CVE-2012-5206, CVE-2012-5207,
     CVE-2012-5208, CVE-2012-5212, CVE-2012-5213)"
  );

  # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03689276-1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?935b94fc");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525928/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2013/Mar/44");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20120920065410/http://security.inshell.net/advisory/32");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-050/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-051/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-052/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-053/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-054/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-057/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-060/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-061/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-062/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-063/");
  script_set_attribute(attribute:"solution", value:"Upgrade to 5.2 E401 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'HP Intelligent Management Center Arbitrary File Upload');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/13");

  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:intelligent_management_center");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gain a shell remotely");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies('hp_imc_detect.nbin');
  script_require_ports('Services/activemq', 61616);
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Figure out which port to use
port = get_service(svc:'activemq', default:61616, exit_on_fail:TRUE);

version = get_kb_item_or_exit('hp/hp_imc/'+port+'/version');

# Versions 5.1 E0202 and earlier are affected
if (version =~ '^([0-4]\\.|5\\.(0\\-|1\\-E0([0-9]{1,2}|[01][0-9]{2}|20[02])([^0-9]|$)))')
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 5.2-E0401' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, 'HP Intelligent Management Center', port, version);