CVE-2017-5815
published 2018-02-15CVE-2017-5815: A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
PriorityP178critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
34.24%
98.2th percentile
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hewlett_packard_enterprise | intelligent_management_center_plat | — | — |
| hp | intelligent_management_center | < 7.3 | 7.3 |
| hp | intelligent_management_center | — | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
Forwarded From:
bytes↗
Quidview
- →Monitor for oversized UDP packets to port 514 on iMC hosts where the payload begins with 'Forwarded From:' but lacks 'Quidview', especially with payloads exceeding 48 bytes after the marker. ↗
- →The imcsyslogdm process file descriptor 27 (occasionally 28) bound to UDP/65535 is reused by the exploit for second-stage payload delivery; anomalous UDP traffic to port 65535 on iMC hosts should be investigated. ↗
- ·ROP gadget addresses and BSS offsets are specific to iMC 7.2 E0403P10 (imcsyslogdm MD5: 8b06adbd3d47a372358d9106e659d9b2); they will differ on other versions including the patched 7.3 E0504P04. ↗
- ·The command executed via system() is limited to approximately 470 bytes in this exploit implementation. ↗
- ·After exploitation, the syslog message handling thread enters an infinite loop, breaking the syslog forwarding function of imcsyslogdm. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2018-02-15
Published