HP Power Manager < 4.2.10 Multiple Vulnerabilities

2010-01-2200:00:00

Tenable

www.tenable.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.937

Percentile

99.2%

The installed version of HP Power Manager is earlier than 4.2.10. Such versions are potentially affected by the following vulnerabilities :

Adequate bounds checking is not performed on the ‘Login’ parameter of the login page, which could lead to a buffer overflow. A remote unauthenticated attacker could exploit this to execute arbitrary code as SYSTEM. (CVE-2009-2685)
Adequate bounds checking is not performed on the ‘fileName’ or ‘LogType’ parameter of ‘formExportDataLogs’, which could lead to a buffer overflow. A remote authenticated attacker could exploit this to execute arbitrary code as SYSTEM. (CVE-2009-3999)
The ‘filename’ parameter of ‘formExportDataLogs’ has a directory traversal vulnerability. A remote authenticated attacker could exploit this to overwrite arbitrary files with almost arbitrary data. This could result in a denial of service, or arbitrary code execution as SYSTEM. (CVE-2009-4900)