Intrusion PreventionHP.VAN.SDN.Controller.Root.Remote.Command.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution vulnerability in HP Enterprise VAN SDN Controller.
The vulnerability is due to an default credential token being handle when the vulnerable software handles a maliciously crafted HTTP request. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted HTTP request.
Please note that to exploit this vulnerability, the attacker either would use the default credential hard coded token, or the attacker will need to be an authenticated user.
Affected Products
HP Enterprise VAN SDN Controller 2.7.18.0503
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Please follow below guide line providing by the vendor, begin from page 129, to update service token, admin token, default sdn user password, and edit iptables.
http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-a00003662en_us-1.pdf
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
References
44951| ID | 46329 |
| Created | Jul 18, 2018 |
| Updated | Feb 27, 2023 |
| Risk |
|
| CVE ID | |
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | HP |