Update Protection against HP Power Manager Remote Code Execution
| Check Point Reference: | CPAI-2009-300 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia: SA37276 | |
| Industry Reference(s): | CVE-2009-2685 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? HP Power Manager | ||
| Vulnerability Description A remote code execution vulnerability exists within HP Power Manager, a web-based application for managing a HP Uninterruptible Power System (UPS). The vulnerability is due to insufficient bounds checking in the HP Power Manager while processing URL parameters in the login form of the web based management web server. Remote attackers can exploit this vulnerability by sending malicious HTTP requests to the target. Successful exploitation could result in execution of arbitrary code. |
||
|
Update/Patch Available The vendor, HP, has released an advisory addressing this vulnerability: HP Support |
|
|
Vulnerability Details The vulnerability is due to lack of input validation of the Login variable on HTTP requests sent to the URI /goform/formLogin. |
Protection Overview
By enabling this protection, IPS-1 will detect and block HTTP requests to the HP Power Manager UPS management system with malformed username parameters.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.