CVE-2009-2685

Currently unrated

Key Information:

Vendor
HP
Status
Power Manager
Vendor
CVE Published:
6 November 2009

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 81%

Summary

Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-2685
Created by rflemen

References

http://www.osvdb.org/59684
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/36933
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2009/3154
vdb-entryx_refsource_VUPEN

EPSS Score

81% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.