Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2013-3576

Disclosure Date: June 14, 2013
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

this product runs as SYSTEM by default, and the exploit is quite reliable (thanks sinn3r), therefore when found this will be an easy win.
not so common nowdays but still present on some old setup.

plus, as far as i saw this product was in place just because of a default installation.
hoply, this will be discontinued with windows7 EOS.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • hp

Products

  • system management homepage

Additional Info

Technical Analysis