Vulnerability Details : CVE-2016-4395
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
Vulnerability category: Overflow
Products affected by CVE-2016-4395
- cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-4395
7.98%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-4395
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:C/A:N | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-4395
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4395
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
  HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities
- http://www.securityfocus.com/bid/93961
  HP System Management Homepage Multiple Security Vulnerabilities
- http://www.zerodayinitiative.com/advisories/ZDI-16-587
  ZDI-16-587 | Zero Day Initiative
- https://www.tenable.com/security/research/tra-2016-32
  [R1] HP System Management Homepage (SMH) Multiple Remote Stack Buffer Overflows - Research Advisory | Tenable®
- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149
  HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information (Vendor Advisory)