1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: HPE Intelligent Management Center CVE-2018-7074

Attack: HPE Intelligent Management Center CVE-2018-7074

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the attempt to exploit Stack-based Buffer Overflow vulnerability on the affected machine.

Additional Information

MACHINE is vulnerable to Stack-based Buffer Overflow attack. Successfully exploiting these issues will allow attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the m_pkg_LimitSize parameter provided to the tftpserver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.

Affected

  • HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07

Response


  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube