CVE-2015-2120 – Hewlett-Packard SiteScope Log Analyzer Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2015-2120

Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567. Vulnerabilidad no especificada en HP SiteScope 11.1x anterior a 11.13, 11.2x anterior a 11.24.391, y 11.3x anterior a 11.30.521 permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos, también conocido como ZDI-CAN-2567. This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard SiteScope. Authentication is required to exploit this vulnerability. The specific flaw exists within the Log Analysis Tool. This tool does not validate or restrict the log path allowing users to read the users.config file. • http://www.securityfocus.com/bid/74801 http://www.zerodayinitiative.com/advisories/ZDI-15-239 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04688784 •