CVE-2011-4162 : The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) Remov

The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.

Published 2011-12-05 11:55:07

Updated 2025-04-11 00:51:22

Source HP Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Products affected by CVE-2011-4162

HP » Protecttools Device Access Manager
Versions up to, including, (<=) 6.0.0.12
cpe:2.3:a:hp:protecttools_device_access_manager:*:*:*:*:*:*:*:*
Matching versions
HP » Protecttools Device Access Manager » Version: 6.0.0.9
cpe:2.3:a:hp:protecttools_device_access_manager:6.0.0.9:*:*:*:*:*:*:*
Matching versions
HP » Protecttools Device Access Manager » Version: 6.0.0.10
cpe:2.3:a:hp:protecttools_device_access_manager:6.0.0.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-4162

EPSS FAQ

18.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-4162

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2011-4162

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-4162

http://marc.info/?l=bugtraq&m=134152032516062&w=2

'[security bulletin] HPSBGN02750 SSRT100795 rev.1 - HP ProtectTools Enterprise Device Access Manager' - MARC
http://marc.info/?l=bugtraq&m=132284686204608&w=2

'[security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Window' - MARC
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71600

HP Device Access Manager for HP ProtectTools SidString argument code execution CVE-2011-4162 Vulnerability Report
https://www.htbridge.ch/advisory/heap_memory_corruption_in_hp_device_access_manager_for_protect_tools_information_store.html

Buffer Overflow in HP Device Access Manager for Protect Tools Information Store - HTB23044 Security Advisory | ImmuniWeb
Exploit

Jump to

Vulnerability Details : CVE-2011-4162

Products affected by CVE-2011-4162

Exploit prediction scoring system (EPSS) score for CVE-2011-4162

CVSS scores for CVE-2011-4162

CWE ids for CVE-2011-4162

References for CVE-2011-4162