HP Converged Infrastructure Solution Sizer Suite 2.13.0 Execute Code Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Home
Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

Network Enabled

Discount: SecuriTeam5_SANS

Promo With Us

Subjects of Interest:
Vulnerability Management
SQL Injection
Buffer Overflows
Active Network Scanning
Fuzzing
Fuzzer Report
Network Security
Network Scanner
Pen Testing
Security Scanner
Scanner Review
Fuzzer Review
Web Scanner Review

A potential security vulnerability has been identified in HPE Enterprise Solution Sizers and Storage Sizer running Smart Update. The vulnerability could be exploited remotely to allow arbitrary code execution.

Credit:
The original article can be found at: https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578

Free Website Security Scan	Free Fuzzer Report	Vulnerability Assessment
Detect web app vulnerabilities	University study comparing the top	Accurate and automated scanning
Get guidance from professionals.	6 commercially availble fuzzers.	for networks of any size.

Protect your website!
Free Trial, Nothing to install.
No interruption of visitors.
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* HP Converged Infrastructure Solution Sizer Suite 2.13.0
* HP Insight Management Sizer 16.12.0
* HP Power Advisor 7.8.1
* HP Sap Sizing Tool 16.12.0
* HP Sizer For Converged Systems Virtualization 16.7.0
* HP Sizer For Microsoft Exchange Server 2010 16.12.0
* HP Sizer For Microsoft Exchange Server 2013 16.12.0
* HP Sizer For Microsoft Exchange Server 2016 16.12.0
* HP Sizer For Microsoft Lync Server 2013 16.12.0
* HP Sizer For Microsoft Sharepoint 2010 16.11.0
* HP Sizer For Microsoft Sharepoint 2013 16.13.0
* HP Sizer For Microsoft Skype For Business Server 2015 16.5.0
* HP Sizing Tool For Sap Business Suite Powered By Hana 16.11.0
* HP Storage Sizing Tool 13
* HP Synergy Planning Tool 3.2

HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via vectors.

CVE Information:
CVE-2016-4377

Disclosure Timeline:
Publish Date : 2016-08-22
Last Update Date : 2016-08-25

blog comments powered by Disqus

	Wepresent Wipg-1500 Firmware 1.0.3.7 Remote Code Execution Vulnerability
	Tcpdump Overflow Vulnerability
	Tcpdump 4.8.1 parsers Overflow Vulnerability
	Tcpdump 4.8.1 ISO CLNS Overflow Vulnerability
	Puppetlabs Mcollective-puppet-agent 1.11.0 option Execute Code Vulnerability
	Phpipam 1.2 Execute Code Cross Site Scripting Vulnerability
	Oracle Weblogic Server 10.3.6.0 takeover Remote Code Execution Vulnerability
	Oracle Universal Work Queue 12.1.1 accessible Remote Code Execution Vulnerability
	Oracle Siebel Ui Framework 16.1 update delete insert Remote Code Execution Vulnerability
	Oracle Partner Management 12.1.1 HTTP Remote Code Execution Vulnerability
	Oracle One-to-one Fulfillment 12.1.2 HTTP Remote Code Execution Vulnerability
	Oracle Mysql 5.7.16 unauthorized Remote Code Execution Vulnerability
	Oracle Marketing 12.1.1 Base Remote Code Execution Vulnerability
	Oracle JRE 1.6 web service Remote Code Execution Vulnerability
	Oracle Flexcube Universal Banking 12.2.0 Denial Of Service Vulnerability
	Oracle Flexcube Private Banking 12.0.1 CVSS Remote Code Execution Vulnerability
	Oracle Advanced Outbound Telephony 12.1.3 unauthorized Remote Code Execution Vulnerability
	Mybb Merge System 1.8.6 MyBulletinBoard Cross Site Scripting Vulnerability
	Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability
	Wireshark Overflow Vulnerability

Featured Articles

	Oracle Partner Management 12.1.1 HTTP Remote Code Execution Vulnerability
	Mp3splt 2.6.2 crafted Denial Of Service Vulnerability
	Trend Micro Smart Protection Server 3 webapps Execute Code Vulnerability
	Wordpress 4.7.1 commands Execute Code Sql Injection Vulnerability
	Oracle Istore 12.1.1 Successful Remote Code Execution Vulnerability
	Samsung Knox 1.0 Remote Code Execution Vulnerability
	Rapid7 Metasploit 4.13.0-2017012501 application Remote Code Execution Vulnerability
	Cisco IOS 15.2(2)e3 Denial Of Service Obtain Information Vulnerability
	Oracle Knowledge Management 12.1.1 critical data Remote Code Execution Vulnerability
	Siemens Sinumerik Integrate Operate Client modify Obtain Information Vulnerability
	Trend Micro Smart Protection Server 2.6 commands Execute Code Vulnerability
	Google Android 7.1.0 Mediaserver Execute Code Overflow Memory corruption Vulnerability
	Cisco Netflow Generation Appliance 1.0(2) Cross Site Scripting Vulnerability
	Adobe Acrobat Dc 15.006.30244 Execute Code Overflow Vulnerability
	Google Android 6.0.1 context Execute Code Overflow Memory corruption Vulnerability
	Cisco Unified Communications Manager 11.5(1.12000.1) Cross Site Scripting Bypass a restriction or similar Vulnerability
	Adobe Acrobat Dc 15.006.30244 Execute Code Overflow Memory corruption Vulnerability
	Oracle Marketing 12.2.6 Base Score Remote Code Execution Vulnerability
	Google Android 7 context Execute Code Overflow Memory corruption Vulnerability
	Cisco Webex Meeting Center Wbs28 Base Remote Code Execution Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs