Details of VAR-201710-0238

ID

VAR-201710-0238

CVE

CVE-2017-5791

TITLE

HP Intelligent Management Center Authentication Bypass Vulnerability

Trust: 0.8

sources: IVD: 9d524cb8-3e42-4ad1-b19c-060573a133cb // CNVD: CNVD-2017-04316

DESCRIPTION

The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. The HP Intelligent Management Center (IMC) is a network intelligent management center solution from Hewlett Packard (HP). The solution provides network-wide visibility for comprehensive management of resources, services and users. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain unauthorized access. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03716en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03716en_us Version: 1 HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2017-03-10 Last Updated: 2017-03-10 Potential Security Impact: Remote: Authentication Bypass Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified in IMC PLAT. References: - CVE-2017-5791 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. + **iMC PLAT - Version: Fixed in IMC PLAT 7.3 E0504P02** * HP Network Products - JD125A HP IMC Std S/W Platform w/100-node - JD126A HP IMC Ent S/W Platform w/100-node - JD808A HP IMC Ent Platform w/100-node License - JD814A HP A-IMC Enterprise Edition Software DVD Media - JD815A HP IMC Std Platform w/100-node License - JD816A HP A-IMC Standard Edition Software DVD Media - JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU - JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU - JF377A HP IMC Std S/W Platform w/100-node Lic - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU - JF378A HP IMC Ent S/W Platform w/200-node Lic - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU - JH704AAE Aruba IMC Std SW Plat w/50-node E-LTU - JH705AAE Aruba IMC Ent SW Plat w/50-node E-LTU **Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates. HISTORY Version:1 (rev.1) - 7 March 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJYwsojAAoJELXhAxt7SZaiADUH/RspfKBBEFI3/twdBm2+2ZH2 zE6IOHEZqI9FZ0eu9Wn1tamh8vwvf+HoY2oqISQeVljBVPbzqm+KrG5hCCFyFVNt phuymHVwAB370UHgJjwq9P4uUoiThcWDD/xR272Djay6RW2aAlSophysD/I4l2Vv ull5nZkcYcutI7cFhcHuvkP+Gv8/7vDJK4plaO9EbP2NtOgbTNv2lVM0n4X6JdTS nCGyJzu97U+18ZxuE0K0zZFFf7WHtIcOcg8BwuwXo4Op2TH2WDBkL41ybmJrfWZ5 N+fym3yXFv5G8f98QDOnoRJvrLIzf9pDEd3wee09mIW0xqfzdz7h+ZkxYg5BQSI= =+aT0 -----END PGP SIGNATURE-----

Trust: 3.42

sources: NVD: CVE-2017-5791 // JVNDB: JVNDB-2017-009403 // ZDI: ZDI-17-161 // CNVD: CNVD-2017-04316 // BID: 96815 // IVD: 9d524cb8-3e42-4ad1-b19c-060573a133cb // VULMON: CVE-2017-5791 // PACKETSTORM: 141578

IOT TAXONOMY

category:	['IoT', 'ICS']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 9d524cb8-3e42-4ad1-b19c-060573a133cb // CNVD: CNVD-2017-04316

AFFECTED PRODUCTS

vendor:	hp	model:	intelligent management center plat	scope:	eq	version:	7.2	Trust: 1.6
vendor:	hp	model:	intelligent management center imc plat e0403p06	scope:	eq	version:	7.2	Trust: 0.9
vendor:	hewlett packard	model:	hpe intelligent management center plat	scope:	eq	version:	7.2 e0403p06	Trust: 0.8
vendor:	hewlett packard	model:	intelligent management center	scope:	-	version:	-	Trust: 0.7
vendor:	hp	model:	intelligent management center imc plat e0504p02	scope:	ne	version:	7.3	Trust: 0.3
vendor:	intelligent management center plat	model:	-	scope:	eq	version:	7.2	Trust: 0.2

sources: IVD: 9d524cb8-3e42-4ad1-b19c-060573a133cb // ZDI: ZDI-17-161 // CNVD: CNVD-2017-04316 // BID: 96815 // JVNDB: JVNDB-2017-009403 // CNNVD: CNNVD-201703-547 // NVD: CVE-2017-5791

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-5791
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-5791
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2017-5791
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2017-04316
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201703-547
value:	CRITICAL
Trust: 0.6
IVD:	9d524cb8-3e42-4ad1-b19c-060573a133cb
value:	CRITICAL
Trust: 0.2
VULMON:	CVE-2017-5791
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-5791
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.6
CNVD:	CNVD-2017-04316
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	9d524cb8-3e42-4ad1-b19c-060573a133cb
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-5791
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 9d524cb8-3e42-4ad1-b19c-060573a133cb // ZDI: ZDI-17-161 // CNVD: CNVD-2017-04316 // VULMON: CVE-2017-5791 // JVNDB: JVNDB-2017-009403 // CNNVD: CNNVD-201703-547 // NVD: CVE-2017-5791

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-009403 // NVD: CVE-2017-5791

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-547

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201703-547

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009403

PATCH

title:	HPESBHF03716	url:	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03716en_us	Trust: 0.8
title:	Hewlett Packard Enterprise has issued an update to correct this vulnerability.	url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03716en_us	Trust: 0.7
title:	HP Intelligent Management Center authentication patch that bypasses vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/91624	Trust: 0.6
title:	HP Intelligent Management Center Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68390	Trust: 0.6

sources: ZDI: ZDI-17-161 // CNVD: CNVD-2017-04316 // JVNDB: JVNDB-2017-009403 // CNNVD: CNNVD-201703-547

EXTERNAL IDS

db:	NVD	id:	CVE-2017-5791	Trust: 4.4
db:	BID	id:	96815	Trust: 2.6
db:	ZDI	id:	ZDI-17-161	Trust: 1.8
db:	BID	id:	101224	Trust: 1.1
db:	SECTRACK	id:	1037983	Trust: 1.1
db:	CNVD	id:	CNVD-2017-04316	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-547	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009403	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4056	Trust: 0.7
db:	ICS CERT	id:	ICSA-17-283-02	Trust: 0.6
db:	IVD	id:	9D524CB8-3E42-4AD1-B19C-060573A133CB	Trust: 0.2
db:	VULMON	id:	CVE-2017-5791	Trust: 0.1
db:	PACKETSTORM	id:	141578	Trust: 0.1

sources: IVD: 9d524cb8-3e42-4ad1-b19c-060573a133cb // ZDI: ZDI-17-161 // CNVD: CNVD-2017-04316 // VULMON: CVE-2017-5791 // BID: 96815 // JVNDB: JVNDB-2017-009403 // PACKETSTORM: 141578 // CNNVD: CNNVD-201703-547 // NVD: CVE-2017-5791

REFERENCES

url:	http://www.securityfocus.com/bid/96815	Trust: 2.3
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03716en_us	Trust: 1.9
url:	http://www.zerodayinitiative.com/advisories/zdi-17-161/	Trust: 1.1
url:	http://www.securitytracker.com/id/1037983	Trust: 1.1
url:	http://www.securityfocus.com/bid/101224	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5791	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5791	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-283-02	Trust: 0.6
url:	http://www.hp.com/	Trust: 0.3
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03716en_us	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=53012	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.1
url:	https://www.hpe.com/info/report-security-vulnerability	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499	Trust: 0.1
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.1

sources: ZDI: ZDI-17-161 // CNVD: CNVD-2017-04316 // VULMON: CVE-2017-5791 // BID: 96815 // JVNDB: JVNDB-2017-009403 // PACKETSTORM: 141578 // CNNVD: CNNVD-201703-547 // NVD: CVE-2017-5791

CREDITS

rgod

Trust: 1.6

sources: ZDI: ZDI-17-161 // BID: 96815 // CNNVD: CNNVD-201703-547

SOURCES

db:	IVD	id:	9d524cb8-3e42-4ad1-b19c-060573a133cb
db:	ZDI	id:	ZDI-17-161
db:	CNVD	id:	CNVD-2017-04316
db:	VULMON	id:	CVE-2017-5791
db:	BID	id:	96815
db:	JVNDB	id:	JVNDB-2017-009403
db:	PACKETSTORM	id:	141578
db:	CNNVD	id:	CNNVD-201703-547
db:	NVD	id:	CVE-2017-5791

LAST UPDATE DATE

2025-04-20T23:23:35.498000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-161	date:	2017-03-11T00:00:00
db:	CNVD	id:	CNVD-2017-04316	date:	2017-04-12T00:00:00
db:	VULMON	id:	CVE-2017-5791	date:	2018-02-17T00:00:00
db:	BID	id:	96815	date:	2017-03-16T04:01:00
db:	JVNDB	id:	JVNDB-2017-009403	date:	2017-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201703-547	date:	2017-10-13T00:00:00
db:	NVD	id:	CVE-2017-5791	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	9d524cb8-3e42-4ad1-b19c-060573a133cb	date:	2017-04-12T00:00:00
db:	ZDI	id:	ZDI-17-161	date:	2017-03-11T00:00:00
db:	CNVD	id:	CNVD-2017-04316	date:	2017-04-12T00:00:00
db:	VULMON	id:	CVE-2017-5791	date:	2017-10-11T00:00:00
db:	BID	id:	96815	date:	2017-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-009403	date:	2017-11-10T00:00:00
db:	PACKETSTORM	id:	141578	date:	2017-03-10T23:23:00
db:	CNNVD	id:	CNNVD-201703-547	date:	2017-03-14T00:00:00
db:	NVD	id:	CVE-2017-5791	date:	2017-10-11T21:29:00.277