Arbitrary code execution in HPE RESTful Interface Tool

Published: 2017-11-03 11:33:35
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVSSv2: 5.3 (AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
CVSSv3: 7.5 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE ID: CVE-2017-8968
CWE ID: CWE-264
Exploitation vector: Local
Public exploit: Not available
Vulnerable software: RESTful Interface Tool
Vulnerable software versions: RESTful Interface Tool 2.0, RESTful Interface Tool 1.5
Vendor URL: HPE
Advisory type: Public

Security Advisory

1) Arbitrary code execution

Description

The vulnerability allows a local attacker to execute arbitrary code on a targeted system.

The weakness exists in HPE RESTful Interface Tool (iLOREST) due to an unspecified condition. A local attacker can execute arbitrary code and compromise the vulnerable system.

Remediation

Update to version 2.1.

External links

https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03796en_us
