cbcvebase.
CVE-2013-4824
published 2013-10-13

CVE-2013-4824: Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass…

PriorityP266high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
23.93%
97.6th percentile
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.

Detection & IOCsextracted from sources · hover to see the quote

url/imc/svm/webservice/AccountService
path/imc/svm/webservice/AccountService
  • Monitor for unauthenticated POST requests to the AccountService RpcServiceServlet endpoint in HP iMC SOM component, which can be used to create privileged accounts without authentication.
  • Alert on unexpected account creation events in HP iMC SOM originating from remote/external sources, particularly granting Account Management permissions.
  • ·Vulnerability affects specific versions: HP iMC 5.2 E0401, 5.1 E202 with SOM 5.2 E0401 and SOM 5.1 E0201; exploitation confirmed on Windows 2003 SP2 targets.
  • ·The exact attack vectors are unspecified in the NVD advisory; operational detail is only available via the Metasploit module and ZDI-CAN-1644 advisory.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.