CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.6%
Added: 10/14/2011
CVE: CVE-2011-1867
BID: 48527
OSVDB: 73597
HP Intelligent Management Center, also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. The **iNodeMngChecker.exe**
component listens, by default, on port 9090/tcp.
HP Intelligent Management Center’s **iNodeMngChecker.exe**
component is vulnerable to remote code execution in the context of the SYSTEM user as a result of a stack buffer overflow caused by improper bounds checking when handling the 0x0A0BF007 packet type.
Apply updates as identified in HP Security Bulletin HPSB3C02687 SSRT100377.
<http://www.zerodayinitiative.com/advisories/ZDI-11-232/>
Exploit works on HP iNode Management Center 5.0 E0101.
The IO-Socket-SSL PERL module is required for this exploit to run. This module is available from <http://www.cpan.org/modules/by-module/IO/>.
Windows