CVE-2013-4835

Currently unrated

Key Information:

Vendor
HP
Status
Sitescope
Vendor
CVE Published:
4 November 2013

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 97%

Summary

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2013-4835
Created by Rapid7

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...
vendor-advisoryx_refsource_HP
http://www.exploit-db.com/exploits/30473
exploitx_refsource_EXPLOIT-DB
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...
vendor-advisoryx_refsource_HP

EPSS Score

97% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.