Remote code execution in HPE IMC Wireless Services Manager

#VU13049 Remote code execution in HPE IMC Wireless Services Manager

Published: 2018-05-30

Vulnerability identifier: #VU13049

Vulnerability risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-8990

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
HPE IMC Wireless Services Manager
Web applications / Remote management & hosting panels

Vendor: HPE

Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) due to unspecified error. A remote attacker can execute arbitrary code with elevated privileges.

Mitigation
Update to version 7.3 E0506P01.

Vulnerable software versions

HPE IMC Wireless Services Manager: 7.3 E0506

External links
http://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03852en_us

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Remote code execution in HPE IMC Wireless Services Manager