Absolute Path Traversal Vulnerability in HP Insight Diagnostics by HP
CVE-2013-3574

Currently unrated

Key Information:

Vendor: HP
Status: Insight Diagnostics
Vendor: CVE Published:; 14 June 2013

Summary

The absolute path traversal vulnerability in HP Insight Diagnostics 9.4.0.4710 enables remote attackers to manipulate the devicePath parameter, potentially allowing unauthorized data writing to arbitrary files on the server. By exploiting this flaw, attackers could alter configurations or compromise system integrity, thereby posing significant risks to the overall security architecture. It is crucial for users of HP Insight Diagnostics to apply security updates to safeguard against potential exploits leveraging this vulnerability.

References

http://www.kb.cert.org/vuls/id/324668

third-party-advisoryx_refsource_CERT-VN

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 14, 2013