In association with heise online

11 June 2013, 13:07

Multiple vulnerabilities found in HP Insight Diagnostics

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

HP logo

Multiple vulnerabilities have been found lurking in HP's server management application Insight Diagnostics. When combined with each other the gaps can allow an attacker to execute arbitrary PHP code with administrators rights on the servers. There is no patch for the vulnerabilities so far.

The vulnerabilities, identified as CVE-2013-3573, CVE-2013-3574 and CVE-2013-3575, exist in version of the software and, possibly earlier versions. A remote attacker will need to be authenticated for the comined vulnerabilities to be exploitable. The holes were found by Markus Wulftange from Daimler TSS who recorded and reported the flaws to the vendor.

Since there is no fix available, the US-CERT advises users to follow good security practice and restrict network access to the software and only allow connections from trusted hosts and networks.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit