CVE-2017-8982

Related Files

HPE iMC 7.3 Remote Code Execution

Posted May 18, 2018

Authored by mr_me, trendytofu | Site metasploit.com

This Metasploit module exploits an expression language injection vulnerability, along with an authentication bypass vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04 to achieve remote code execution. The HP iMC server suffers from multiple vulnerabilities allows unauthenticated attacker to execute arbitrary Expression Language via the beanName parameter, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 8080 and 8443 by default. This Metasploit module has been tested successfully on iMC PLAT v7.3(E0504P02) on Windows 2k12r2 x64 (EN).

tags | exploit, remote, arbitrary, tcp, vulnerability, code execution, bypass

systems | windows

advisories | CVE-2017-12500, CVE-2017-8982

SHA-256 | b166549e96ca5f700cae312fff860951240a2ec47a3b5fe73610d4185f4d4fe2

Download | Favorite | View

HPE Security Bulletin HPESBHF03809 1

Posted Jan 29, 2018

Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03809 1 - A security vulnerability has been identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0504P02. This vulnerability could be remotely exploited to allow remote authentication bypass. Revision 1 of this advisory.

tags | advisory, remote

advisories | CVE-2017-8982

SHA-256 | 899f031fca7ebb415b6fc38f26f55e9f0b3848e6dcc01a5e142117df302c5603

Download | Favorite | View