Vulnerabilities > CVE-2013-4835 - Unspecified vulnerability in HP Sitescope

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

nessus

exploit available

metasploit

NVD

Published: 2013-11-04

Updated: 2017-07-01

Summary

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Sitescope 10.11 HP Sitescope 10.13 HP Sitescope 11.01 HP Sitescope 11.1 HP Sitescope 11.10 HP Sitescope 11.11 HP Sitescope 11.12 HP Sitescope 11.20 HP Sitescope 11.21	9

D2sec

name	HP SiteScope issueSiebelCmd 11.20 RCE
url	http://www.d2sec.com/exploits/hp_sitescope_issuesiebelcmd_11.20_rce.html

Exploit-Db

description	HP SiteScope issueSiebelCmd Remote Code Execution. CVE-2013-4835. Remote exploit for unix platform
file	exploits/unix/remote/30473.rb
id	EDB-ID:30473
last seen	2016-02-03
modified	2013-12-24
platform	unix
port	8080
published	2013-12-24
reporter	metasploit
source	https://www.exploit-db.com/download/30473/
title	HP SiteScope issueSiebelCmd - Remote Code Execution
type	remote

Metasploit

description	This module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2, Windows 2008 and CentOS 6.5.
id	MSF:EXPLOIT/MULTI/HTTP/HP_SITESCOPE_ISSUESIEBELCMD
last seen	2020-06-07
modified	2017-07-24
published	2013-12-19
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4835
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/hp_sitescope_issuesiebelcmd.rb
title	HP SiteScope issueSiebelCmd Remote Code Execution

Nessus

NASL family	CGI abuses
NASL id	HP_SITESCOPE_HPSBGN02904.NASL
description	The version of HP SiteScope installed on the remote host is potentially affected by the following code execution vulnerabilities : - Unspecified errors exist related to SOAP functionality for which no further details have been provided. (CVE-2013-2367) - An error exists related to handling the SOAP command
last seen	2020-06-01
modified	2020-06-02
plugin id	69195
published	2013-08-02
reporter	This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/69195
title	HP SiteScope Multiple Unspecified Remote Code Execution Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69195); script_version("1.21"); script_cvs_date("Date: 2018/11/28 22:47:41"); script_cve_id("CVE-2013-2367", "CVE-2013-4835", "CVE-2013-6207"); script_bugtraq_id(61506, 63478, 65972); script_name(english:"HP SiteScope Multiple Unspecified Remote Code Execution Vulnerabilities"); script_summary(english:"Checks version of HP SiteScope"); script_set_attribute(attribute:"synopsis", value: "A web application installed on the remote host is affected by multiple, unspecified code execution vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of HP SiteScope installed on the remote host is potentially affected by the following code execution vulnerabilities : - Unspecified errors exist related to SOAP functionality for which no further details have been provided. (CVE-2013-2367) - An error exists related to handling the SOAP command 'issueSiebelCmd'. (CVE-2013-4835) - An error exists related to handling the SOAP command 'loadFileContents'. (CVE-2013-6207) By exploiting these flaws, a remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the privileges of the user running the affected application."); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-263/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-043/"); # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03861260-1 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4a20c50c"); # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03969435-1 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7b0f0636"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/531342/30/0/threaded"); script_set_attribute(attribute:"solution", value: "Upgrade to HP SiteScope 11.22 or later. Alternatively, apply Cumulative Fixes SS1014131211 (for 10.14) / SS1113131211 (for 11.13)."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"HP SiteScope runOMAgentCommand 11.20 RCE"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'HP SiteScope issueSiebelCmd Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/29"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/02"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:sitescope"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("hp_sitescope_detect.nasl"); script_require_keys("www/sitescope"); script_require_ports("Services/www", 8080); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("webapp_func.inc"); include("http.inc"); port = get_http_port(default:8080); install = get_install_from_kb(appname:'sitescope', port:port, exit_on_fail:TRUE); version = install['ver']; dir = install['dir']; if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, 'HP SiteScope', build_url(port:port, qs:dir)); ver = split(version, sep:'.', keep:FALSE); for (i=0; i < max_index(ver); i++) ver[i] = int(ver[i]); if ( ( ver[0] == 10 && (ver[1] < 14 \|\| (report_paranoia == 2 && ver[1] == 14)) ) \|\| ( ver[0] == 11 && ( ver[1] < 13 \|\| (report_paranoia == 2 && ver[1] == 13) \|\| ver[1] == 20 \|\| ver[1] == 21 ) ) ) { if (report_verbosity > 0) { report = '\n URL : ' + build_url(port:port, qs:dir) + '\n Installed version : ' + version + '\n Fixed version : 10.14 with Cumulative Fixes SS1014131211 / 11.13 with SS1113131211 / 11.22\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_WEB_APP_NOT_AFFECTED, 'HP SiteScope', build_url(port:port, qs:dir), version);

Packetstorm

data source	https://packetstormsecurity.com/files/download/124565/hp_sitescope_issuesiebelcmd.rb.txt
id	PACKETSTORM:124565
last seen	2016-12-05
published	2013-12-23
reporter	rgod
source	https://packetstormsecurity.com/files/124565/HP-SiteScope-issueSiebelCmd-Remote-Code-Execution.html
title	HP SiteScope issueSiebelCmd Remote Code Execution

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 63478 CVE(CAN) ID: CVE-2013-4835 HP SiteScope是无代理监控软件，可维护其分布式IT基础架构的可用性和性能。 HP SiteScope 11.22之前版本在处理"issueSiebelCmd" SOAP请求的实现上存在安全漏洞，成功利用后可导致执行任意代码。 0 HP SiteScope < 11.22 厂商补丁： HP -- HP已经为此发布了一个安全公告（HPSBMU02933）以及相应补丁: HPSBMU02933：HP SiteScope, issueSiebelCmd SOAP Request, Remote Code Execution 链接：http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDispl
id	SSV:61207
last seen	2017-11-19
modified	2013-12-25
published	2013-12-25
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-61207
title	HP SiteScope 'issueSiebelCmd' SOAP请求远程代码执行漏洞

Summary

Vulnerable Configurations

D2sec

Exploit-Db

Metasploit

Nessus

Packetstorm

Seebug

References