CVE-2011-1867 : Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (U

Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.

Published 2011-07-11 20:55:01

Updated 2025-04-11 00:51:22

Source HP Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2011-1867

HP » Intelligent Management Center
cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*
Matching versions
HP » User Access Manager » Version: 5.0
cpe:2.3:a:hp:user_access_manager:5.0:*:*:*:*:*:*:*
Matching versions
HP » User Access Manager » Version: 5.0 Update E0101
cpe:2.3:a:hp:user_access_manager:5.0:e0101:*:*:*:*:*:*
Matching versions
HP » Endpoint Admission Defense » Version: 5.0 Update E0101
cpe:2.3:a:hp:endpoint_admission_defense:5.0:e0101:*:*:*:*:*:*
Matching versions
HP » Endpoint Admission Defense » Version: 5.0
cpe:2.3:a:hp:endpoint_admission_defense:5.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-1867

EPSS FAQ

45.84%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-1867

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-1867

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1867

http://marc.info/?l=bugtraq&m=130982758604404&w=2

'[security bulletin] HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Mana' - MARC
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68348

HP Intelligent Management Center unspecified code execution CVE-2011-1867 Vulnerability Report
http://www.securityfocus.com/bid/48527

HP Intelligent Management Centre Products 'iNodeMngChecker.exe' Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-232/

ZDI-11-232 | Zero Day Initiative
http://secunia.com/advisories/45129

Sign in
Vendor Advisory
http://securityreason.com/securityalert/8302

HP Intelligent Management Center UAM - CXSecurity.com
http://www.osvdb.org/73597

404 Not Found
http://www.securityfocus.com/archive/1/518691/100/0/threaded

SecurityFocus
http://securitytracker.com/id?1025740

HP Intelligent Management Center UAM and EAD Buffer Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker

Jump to

Vulnerability Details : CVE-2011-1867

Products affected by CVE-2011-1867

Exploit prediction scoring system (EPSS) score for CVE-2011-1867

CVSS scores for CVE-2011-1867

CWE ids for CVE-2011-1867

References for CVE-2011-1867