CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0949
https://notcve.org/view.php?id=CVE-2015-0949
The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory. La implementación de System Management Mode (SMM) en Dell Latitude E6430 BIOS Revisión A09, HP EliteBook 850 G1 BIOS revisión L71 Versión 01.09, y posiblemente otras implementaciones de BIOS, no aseguran que las llamadas de función operen en ubicaciones de memoria SMRAM, lo que permite a usuarios locales omitir el mecanismo de protección Secure Boot y alcanzar privilegios mediante el aprovechamiento del acceso de escritura a la memoria física. • http://www.kb.cert.org/vuls/id/631788 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 24EXPL: 0CVE-2020-24630 – Hewlett Packard Enterprise Intelligent Management Center operatorOnlineList_content Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-24630
A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Se detectó una vulnerabilidad de escalada de privilegios remota de operatoronlinelist_content en HPE Intelligent Management Center (iMC): versión(es): anteriores a iMC PLAT 7.3 (E0705P07) This vulnerability allows remote attackers to escalate privileges on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the operatorOnlineList_content.xhtml or operatorOnlineList_contentOnly.xhtml endpoint. The issue results from displaying sensitive information without authentication as an admin user. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us •
CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2020-24652 – Hewlett Packard Enterprise Intelligent Management Center addVsiInterfaceInfo Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-24652
A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Se detectó una vulnerabilidad de ejecución de código remota de una inyección de lenguaje de expresiones de addvsiinterfaceinfo en HPE Intelligent Management Center (iMC): versión(es): anteriores a iMC PLAT 7.3 (E0705P07) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the beanName parameter provided to the addVsiInterfaceInfo.xhtml endpoint. When parsing the beanName parameter, the process does not properly validate a user-supplied string before using it to render a page. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2020-7141 – Hewlett Packard Enterprise Intelligent Management Center addDeviceToView Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7141
A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Se detectó una vulnerabilidad de ejecución de código remota de una inyección de lenguaje de expresiones de adddevicetoview en HPE Intelligent Management Center (iMC): versión(es): anteriores a iMC PLAT 7.3 (E0705P07) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the beanName parameter provided to the addDeviceToView.xhtml endpoint. When parsing the beanName parameter, the process does not properly validate a user-supplied string before using it to render a page. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 10.0EPSS: 1%CPEs: 24EXPL: 0CVE-2020-24646 – Hewlett Packard Enterprise Intelligent Management Center tftpserver Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-24646
A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Se detectó una vulnerabilidad de ejecución de código remota de desbordamiento de búfer en la región stack de la memoria de tftpserver en HPE Intelligent Management Center (iMC): versión(es): anteriores a iMC PLAT 7.3 (E0705P07) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the val1 parameter provided to the tftpserver component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us • CWE-787: Out-of-bounds Write •