// For flags

CVE-2017-5818

Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10007 Arbitrary File Deletion Denial of Service Vulnerability

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (iMC) PLAT 7.3 E0504P04.

This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the dbman service, which listens on TCP port 2810 by default. The issue results from the lack of validation of file paths sent to an unlink call. This could all for the deletion of any file accessible by SYSTEM.

*Credits: szitivi
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-02-01 CVE Reserved
  • 2017-05-14 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hp
Search vendor "Hp"
Intelligent Management Center
Search vendor "Hp" for product "Intelligent Management Center"
< 7.3
Search vendor "Hp" for product "Intelligent Management Center" and version " < 7.3"
-
Affected
Hp
Search vendor "Hp"
Intelligent Management Center
Search vendor "Hp" for product "Intelligent Management Center"
7.3
Search vendor "Hp" for product "Intelligent Management Center" and version "7.3"
-
Affected
Hp
Search vendor "Hp"
Intelligent Management Center
Search vendor "Hp" for product "Intelligent Management Center"
7.3
Search vendor "Hp" for product "Intelligent Management Center" and version "7.3"
e0503p02
Affected
Hp
Search vendor "Hp"
Intelligent Management Center
Search vendor "Hp" for product "Intelligent Management Center"
7.3
Search vendor "Hp" for product "Intelligent Management Center" and version "7.3"
e0504p02
Affected