// For flags

CVE-2013-6207

Hewlett-Packard SiteScope SOAP Arbitrary File Download and Denial of Service Vulnerability

Severity Score

9.4
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084.

Vulnerabilidad no especificada en la función loadFileContents en la implementación SOAP en HP SiteScope 10.1x, 11.1x y 11.21 permite a atacantes remotos leer archivos arbitrarios o causar una denegación de servicio a través de vectores desconocidos, también conocido como ZDI-CAN-2084.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of SOAP requests. The issue lies in failure to require authentication to several SOAP endpoints. By taking advantage of this behavior, an attacker can shutdown the service or disclose administrative credentials and possibly leverage this situation to achieve remote code execution.

*Credits: Mike Arnold (Bruk0ut)
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-10-21 CVE Reserved
  • 2014-03-05 CVE Published
  • 2024-03-09 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hp
Search vendor "Hp"
 Sitescope
Search vendor "Hp" for product "Sitescope"
 10.10
Search vendor "Hp" for product "Sitescope" and version "10.10"
-
Affected
Hp
Search vendor "Hp"
 Sitescope
Search vendor "Hp" for product "Sitescope"
 10.11
Search vendor "Hp" for product "Sitescope" and version "10.11"
-
Affected
Hp
Search vendor "Hp"
 Sitescope
Search vendor "Hp" for product "Sitescope"
 10.12
Search vendor "Hp" for product "Sitescope" and version "10.12"
-
Affected
Hp
Search vendor "Hp"
 Sitescope
Search vendor "Hp" for product "Sitescope"
 10.13
Search vendor "Hp" for product "Sitescope" and version "10.13"
-
Affected
Hp
Search vendor "Hp"
 Sitescope
Search vendor "Hp" for product "Sitescope"
 11.10
Search vendor "Hp" for product "Sitescope" and version "11.10"
-
Affected
Hp
Search vendor "Hp"
 Sitescope
Search vendor "Hp" for product "Sitescope"
 11.11
Search vendor "Hp" for product "Sitescope" and version "11.11"
-
Affected
Hp
Search vendor "Hp"
 Sitescope
Search vendor "Hp" for product "Sitescope"
 11.12
Search vendor "Hp" for product "Sitescope" and version "11.12"
-
Affected
Hp
Search vendor "Hp"
 Sitescope
Search vendor "Hp" for product "Sitescope"
 11.21
Search vendor "Hp" for product "Sitescope" and version "11.21"
-
Affected