CVE-2011-1853 — Improper Input Validation in HP Intelligent Management Center

CWE-20 — Improper Input Validation4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

15.7%

top 5.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Intelligent Management Center

Timeline

PublishedMay 13

Latest updateMay 13

Description

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/intelligent_management_center5.0

Patches

Patch: h20000.www2.hp.com ↗Patch: h20000.www2.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-mcg8-rv6g-6g29: tftpserver↗2022-05-13

▶

CVEList

CVE-2011-1853: tftpserver↗2011-05-13

▶

💥Exploits & PoCs

Exploit-DB

DaqFactory 5.85 build 1853 - Stack Overflow↗2011-09-14

▶