Vulnerabilities > CVE-2013-4835 - Unspecified vulnerability in HP Sitescope

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
hp
nessus
exploit available
metasploit
NVD
Published: 2013-11-04
Updated: 2024-11-21

Summary

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

Vulnerable Configurations

Part Description Count
Application
Hp
9

D2sec

nameHP SiteScope issueSiebelCmd 11.20 RCE
urlhttp://www.d2sec.com/exploits/hp_sitescope_issuesiebelcmd_11.20_rce.html

Exploit-Db

descriptionHP SiteScope issueSiebelCmd Remote Code Execution. CVE-2013-4835. Remote exploit for unix platform
fileexploits/unix/remote/30473.rb
idEDB-ID:30473
last seen2016-02-03
modified2013-12-24
platformunix
port8080
published2013-12-24
reportermetasploit
sourcehttps://www.exploit-db.com/download/30473/
titleHP SiteScope issueSiebelCmd - Remote Code Execution
typeremote

Metasploit

descriptionThis module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2, Windows 2008 and CentOS 6.5.
idMSF:EXPLOIT/MULTI/HTTP/HP_SITESCOPE_ISSUESIEBELCMD
last seen2020-06-07
modified2017-07-24
published2013-12-19
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4835
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/hp_sitescope_issuesiebelcmd.rb
titleHP SiteScope issueSiebelCmd Remote Code Execution

Nessus

NASL familyCGI abuses
NASL idHP_SITESCOPE_HPSBGN02904.NASL
descriptionThe version of HP SiteScope installed on the remote host is potentially affected by the following code execution vulnerabilities : - Unspecified errors exist related to SOAP functionality for which no further details have been provided. (CVE-2013-2367) - An error exists related to handling the SOAP command
last seen2020-06-01
modified2020-06-02
plugin id69195
published2013-08-02
reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/69195
titleHP SiteScope Multiple Unspecified Remote Code Execution Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(69195);
  script_version("1.21");
  script_cvs_date("Date: 2018/11/28 22:47:41");

  script_cve_id("CVE-2013-2367", "CVE-2013-4835", "CVE-2013-6207");
  script_bugtraq_id(61506, 63478, 65972);

  script_name(english:"HP SiteScope Multiple Unspecified Remote Code Execution Vulnerabilities");
  script_summary(english:"Checks version of HP SiteScope");

  script_set_attribute(attribute:"synopsis", value:
"A web application installed on the remote host is affected by
multiple, unspecified code execution vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of HP SiteScope installed on the remote host is potentially
affected by the following code execution vulnerabilities :

  - Unspecified errors exist related to SOAP functionality
    for which no further details have been provided.
    (CVE-2013-2367)

  - An error exists related to handling the SOAP command
    'issueSiebelCmd'. (CVE-2013-4835)

  - An error exists related to handling the SOAP command
    'loadFileContents'. (CVE-2013-6207)

By exploiting these flaws, a remote, unauthenticated attacker could
execute arbitrary code on the remote host subject to the privileges
of the user running the affected application.");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-263/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-043/");
  # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03861260-1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4a20c50c");
  # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03969435-1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7b0f0636");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/531342/30/0/threaded");
  script_set_attribute(attribute:"solution", value:
"Upgrade to HP SiteScope 11.22 or later.

Alternatively, apply Cumulative Fixes SS1014131211 (for 10.14) /
SS1113131211 (for 11.13).");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"HP SiteScope runOMAgentCommand 11.20 RCE");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'HP SiteScope issueSiebelCmd Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/07/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:sitescope");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("hp_sitescope_detect.nasl");
  script_require_keys("www/sitescope");
  script_require_ports("Services/www", 8080);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("webapp_func.inc");
include("http.inc");

port = get_http_port(default:8080);

install = get_install_from_kb(appname:'sitescope', port:port, exit_on_fail:TRUE);
version = install['ver'];
dir = install['dir'];

if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, 'HP SiteScope', build_url(port:port, qs:dir));

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i < max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  (
    ver[0] == 10 &&
    (ver[1] < 14 || (report_paranoia == 2 && ver[1] == 14))
  ) ||
  (
    ver[0] == 11 &&
    (
      ver[1] < 13 ||
      (report_paranoia == 2 && ver[1] == 13) ||
      ver[1] == 20 ||
      ver[1] == 21
    )
  )
)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  URL               : ' + build_url(port:port, qs:dir) +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 10.14 with Cumulative Fixes SS1014131211 / 11.13 with SS1113131211 / 11.22\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, 'HP SiteScope',  build_url(port:port, qs:dir), version);

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/124565/hp_sitescope_issuesiebelcmd.rb.txt
idPACKETSTORM:124565
last seen2016-12-05
published2013-12-23
reporterrgod
sourcehttps://packetstormsecurity.com/files/124565/HP-SiteScope-issueSiebelCmd-Remote-Code-Execution.html
titleHP SiteScope issueSiebelCmd Remote Code Execution

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 63478 CVE(CAN) ID: CVE-2013-4835 HP SiteScope是无代理监控软件,可维护其分布式IT基础架构的可用性和性能。 HP SiteScope 11.22之前版本在处理&quot;issueSiebelCmd&quot; SOAP请求的实现上存在安全漏洞,成功利用后可导致执行任意代码。 0 HP SiteScope &lt; 11.22 厂商补丁: HP -- HP已经为此发布了一个安全公告(HPSBMU02933)以及相应补丁: HPSBMU02933:HP SiteScope, issueSiebelCmd SOAP Request, Remote Code Execution 链接:http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDispl
idSSV:61207
last seen2017-11-19
modified2013-12-25
published2013-12-25
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-61207
titleHP SiteScope 'issueSiebelCmd' SOAP请求远程代码执行漏洞

References