Intrusion Prevention

HP.Enterprise.Vertica.ValidateAdminConfig.Command.Injection

Description

This indicates an attack attempt to exploit a Command Injection vulnerability in HP Enterprise Vertica.
The vulnerability is caused by an improper validation of user supplied data when the vulnerable application handles a maliciously crafted request. An attacker can exploit this to execute arbitrary commands in the context of the vulnerable application via a crafted request.

Affected Products

HPE Vertica 7.0.x prior to 7.0.2.12
HPE Vertica 7.1.x prior to 7.1.2-12
HPE Vertica 7.2.x prior to 7.2.2-1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c05085303

CVE References

CVE-2016-2002