Vulnerability Details : CVE-2013-4824
Public exploit exists!
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.
Vulnerability category: BypassGain privilege
Products affected by CVE-2013-4824
- cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:imc_service_operation_management_software_module:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4824
96.94%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-4824
-
HP Intelligent Management SOM Account Creation
Disclosure Date: 2013-10-08First seen: 2020-04-26auxiliary/admin/hp/hp_imc_som_create_accountThis module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the AccountService RpcServiceServlet from the SOM component, in order to create a SOM account with Account Management permissions. This module has been test
CVSS scores for CVE-2013-4824
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-4824
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4824
-
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547
HP Support for Technical Help and Troubleshooting | HP® Customer Service.Vendor Advisory
Jump to