Authentication Bypass Vulnerability in HP SiteScope 10.1x and 11.x
CVE-2013-4835

Currently unrated

Key Information:

Vendor
HP
Status
Sitescope
Vendor
CVE Published:
4 November 2013

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 79%

Summary

The APISiteScopeImpl SOAP service in HP SiteScope versions 10.1x and 11.x prior to 11.22 has a significant security flaw that allows remote attackers to bypass authentication mechanisms. This vulnerability can be exploited via a direct request to the issueSiebelCmd method, enabling unauthorized users to execute arbitrary code. As a result, the integrity and confidentiality of the data processed by these products may be compromised, making it crucial for users to apply the necessary patches to protect their systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2013-4835
Created by Rapid7

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...
vendor-advisoryx_refsource_HP
http://www.exploit-db.com/exploits/30473
exploitx_refsource_EXPLOIT-DB
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...
vendor-advisoryx_refsource_HP

EPSS Score

79% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.