CVE-2017-5812
Hewlett Packard Enterprise Network Automation PermissionFilter Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
Se ha encontrado una vulnerabilidad de divulgación de información sql remota en HPE Network Automation 9.1x, 9.2x, 10.0x, 10.1x y 10.2x.
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the PermissionFilter class. This class contains a method that will allow for access to an associated servlet allowing for an attacker to bypass authentication if the URI starts with a specific string. By providing that string, and a directory traversal that follows it, an attacker is able to reach any URI that would map to that servlet without authentication.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-02-01 CVE Reserved
- 2017-05-05 CVE Published
- 2024-09-17 CVE Updated
- 2024-10-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/98331 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038407 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us | 2018-03-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 9.10 Search vendor "Hp" for product "Network Automation" and version "9.10" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 9.20 Search vendor "Hp" for product "Network Automation" and version "9.20" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 9.22 Search vendor "Hp" for product "Network Automation" and version "9.22" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 9.22.01 Search vendor "Hp" for product "Network Automation" and version "9.22.01" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 9.22.02 Search vendor "Hp" for product "Network Automation" and version "9.22.02" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.00 Search vendor "Hp" for product "Network Automation" and version "10.00" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.00.01 Search vendor "Hp" for product "Network Automation" and version "10.00.01" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.00.02 Search vendor "Hp" for product "Network Automation" and version "10.00.02" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.10 Search vendor "Hp" for product "Network Automation" and version "10.10" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.11 Search vendor "Hp" for product "Network Automation" and version "10.11" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.21 Search vendor "Hp" for product "Network Automation" and version "10.21" | - |
Affected
| ||||||