CVE-2019-5390
published 2019-06-05CVE-2019-5390: A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
PriorityP263critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
4.36%
90.0th percentile
A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | intelligent_management_center | < 7.3 | 7.3 |
| hp | intelligent_management_center | — | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
\xff\xff\xff\x00
- →Detect large allocation-size DoS attempts against dbman on port 2810: look for 4-byte payloads beginning with 0xFFFFFF sent to TCP port 2810 ↗
- →Monitor for command 10018 (dbman.conf variable injection) sent to dbman, especially setting BackHoseIp, BackupTime, or BackupTimeMinute variables, which are precursor steps to the stack buffer overflow and command injection exploit chain ↗
- →Alert on unexpected termination and restart of dbman.exe under imcsysdm.exe, which may indicate the attacker-induced DoS step used to force a dbman restart with a poisoned dbman.conf ↗
- →Look for stack buffer overrun indicators in dbman.exe crash dumps: EIP/return address overwritten with 0x41414141 pattern is a sign of active exploitation ↗
- ·HPE iMC 7.3 E0703 only partially patched CVE-2019-5390: it enforces encryption for commands 10000 and 10002 but leaves command 10018 unencrypted, meaning the configuration injection step of the exploit chain remains unauthenticated and unencrypted in that version ↗
- ·The root cause of CVE-2019-5390 was not addressed in 7.3 E0703; the attacker can bypass the encryption requirement by using the DoS vulnerability to force a dbman restart, which re-triggers the stack overflow from the already-injected dbman.conf ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Tenable
HPE iMC 7.3 E0703 Multiple Vulnerabilities
blogs_tenable·2019-09-25
HPE iMC 7.3 E0703 Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
HPE iMC 7.3 E0605P06 Multiple Vulnerabilities
blogs_tenable·2019-03-20
HPE iMC 7.3 E0605P06 Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2019-06-05
Published