CVE-2011-1849 — Improper Input Validation in HP Intelligent Management Center

CWE-20 — Improper Input Validation CWE-284 — Improper Access Control4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

15.7%

top 5.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Intelligent Management Center

Timeline

PublishedMay 13

Latest updateMay 13

Description

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/intelligent_management_center5.0

Patches

Patch: h20000.www2.hp.com ↗Patch: h20000.www2.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-3xmp-547j-hfx2: tftpserver↗2022-05-13

▶

CVEList

CVE-2011-1849: tftpserver↗2011-05-13

▶

📋Vendor Advisories

Red Hat

kernel: possible privilege escalation via SG_IO ioctl↗2011-12-22

▶