Vulnerability Details: CVE-2016-4396
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
Vulnerability category: Overflow
Products affected by CVE-2016-4396
- cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-4396
- EPSS score: 1.46% (probability of exploitation activity in the next 30 days)
- Percentile: ~79% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-4396
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:C/A:N | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-4396
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4396
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
  HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities
- http://www.zerodayinitiative.com/advisories/ZDI-16-588
  ZDI-16-588 | Zero Day Initiative
- http://www.securityfocus.com/bid/93961
  HP System Management Homepage Multiple Security Vulnerabilities
- https://www.tenable.com/security/research/tra-2016-32
  [R1] HP System Management Homepage (SMH) Multiple Remote Stack Buffer Overflows - Research Advisory | Tenable®
- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149
  HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information (Vendor Advisory)