IOActive Security Advisory - IOActive has discovered multiple critical vulnerabilities within the Mercury SiteScope server monitoring software, some of which allow for complete remote compromise of the entire monitored network, as well as arbitrary code execution on all servers managed by the SiteScope software. All versions are affected.
bdf701facaff7c05ea1f467d97bae23f2034d266aaa8c38317cac7d77ffcb638IOActive Security Advisory
Title: Multiple Remote Vulnerabilities in Mercury SiteScope
Severity: Critical
Date Discovered: 10.05.2006
Date Reported: 05.21.2007
Date Disclosed: 09.20.2007
Affected Products:
Mercury SiteScope - All Versions
Synopsis:
IOActive has discovered multiple critical vulnerabilities within the
Mercury SiteScope server monitoring software, some of which allow for
complete remote compromise of the entire monitored network, as well as
arbitrary code execution on all servers managed by the SiteScope
software. It is stressed that, by design, the compromise of a single
SiteScope node, or the server side, allows for the compromise of every
server on the network with the SiteScope agent active.
IOActive is coordinating with the owners of this product, Hewlett
Packard, in order to expediently provide remediation patches for all
effected versions of the system. As such, technical details will not be
released with this advisory.
Description:
Pending patch release.
Technical Details:
Pending patch release.
Remediation:
A full patch for the vulnerabilities discovered by IOActive is
currently in development by Hewlett Packard.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed