Check Point Advisories

Update Protection against HP Power Manager Remote Code Execution

Check Point Reference: CPAI-2009-300
Date Published: 19 Nov 2009
Severity: Critical
Last Updated: Thursday 01 January, 2009
Source: Secunia: SA37276
Industry Reference: CVE-2009-2685
Protection Provided by:
Who is Vulnerable? HP Power Manager
Vulnerability Description: A remote code execution vulnerability exists in HP Power Manager, a web-based application for managing an HP Uninterruptible Power System (UPS). The vulnerability is due to insufficient bounds checking in HP Power Manager while processing URL parameters in the login form of the web-based management web server. Remote attackers can exploit this vulnerability by sending malicious HTTP requests to the target. Successful exploitation could result in execution of arbitrary code.
Update/Patch Available: The vendor, HP, has released an advisory addressing this vulnerability: HP Support
Vulnerability Details: The vulnerability is due to lack of input validation of the Login variable on HTTP requests sent to the URI /goform/formLogin.
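
The details above suggest a simple request-side check for proxy or WAF logs: flag requests to /goform/formLogin whose Login value is oversized or carries non-printable bytes. The sketch below is an added example, not Check Point's protection logic or HP's fix; the 64-byte limit, the host name and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/goform/formLogin"  # URI named in the advisory
PARAM = "Login"                    # variable named in the advisory
MAX_LOGIN_LEN = 64                 # ASSUMPTION: locally chosen limit, not from the advisory


def login_values(raw_request: bytes) -> list[str]:
    """Return each decoded Login value sent to TARGET_PATH (query string or form body)."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return []
    url = urlsplit(parts[1])
    if url.path != TARGET_PATH:
        return []
    values = []
    # latin-1 maps each byte to one character, so len() below counts bytes.
    for encoded in (url.query, body.decode("latin-1")):
        values += parse_qs(encoded, keep_blank_values=True,
                           encoding="latin-1").get(PARAM, [])
    return values


def inspect(raw_request: bytes, max_len: int = MAX_LOGIN_LEN) -> list[str]:
    """Return findings for one raw HTTP request; an empty list means nothing flagged."""
    findings = []
    for value in login_values(raw_request):
        if len(value) > max_len:
            findings.append(f"Login length {len(value)} exceeds {max_len}")
        if any(not (0x20 <= ord(c) < 0x7F) for c in value):
            findings.append("Login contains non-printable bytes")
    return findings


def sample_post(path: str, form: str) -> bytes:
    """Build a constructed sample request (not captured traffic)."""
    return (f"POST {path} HTTP/1.1\r\nHost: ups.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(form)}\r\n\r\n{form}").encode("latin-1")


if __name__ == "__main__":
    for name, form in [("normal", "Login=admin"), ("oversized", "Login=" + "A" * 300),
                       ("encoded", "Login=%01%02ab")]:
        print(name, inspect(sample_post(TARGET_PATH, form)))
```

Set the length limit from the longest legitimate login name in your environment; the check complements, and does not replace, applying the vendor update.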

Protection Overview
