Vulnerability Details : CVE-2017-5799
Potential exploit
A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x).
Vulnerability category: Execute code
Products affected by CVE-2017-5799
- cpe:2.3:a:hp:opencall_media_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:opencall_media_platform:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5799
11.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-5799
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
|
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2017-5799
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5799
-
http://www.securityfocus.com/bid/98013
HP OpenCall Media Platform Multiple Cross Site Scripting and Remote File Include VulnerabilitiesThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/41927/
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File InclusionExploit;Third Party Advisory;VDB Entry
-
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03686en_us
HPESBGN03686 rev.1 - HPE OpenCall Media Platform (OCMP), Remote Code Execution, Cross-Site Scripting (XSS)Vendor Advisory
Jump to