HP ProCurve Threat Management Services zl Module CRL Security Bypass Vulnerability

Vulnerability ID: 1117952    Vulnerability type: Other
Published: 2009-06-13    Updated: 2009-07-13
CVE ID: CVE-2009-1422    CNNVD-ID: CNNVD-200907-212
Platform: Multiple    CVSS score: 10.0
|Vulnerability sources
https://www.exploit-db.com/exploits/33078
https://www.securityfocus.com/bid/35659
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-212
|Vulnerability details
An unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209.
|Exploit
source: http://www.securityfocus.com/bid/35659/info

HP ProCurve Threat Management Services zl Module is prone to a security-bypass vulnerability.

Successful exploits may allow attackers to bypass certain security restrictions, which may aid in launching further attacks.

ProCurve Threat Management Services zl Module J9155A running vST.1.0.090213 firmware or prior is vulnerable.

1. Go to the VPN --> Certificates --> CRL page and load a CRL list.
2. Save the entire configuration.
3. Reboot the TMS zl Module.
4. Once the TMS zl Module is available, go to the VPN --> Certificates --> CRL page and the CRL is no longer available.
|Affected products
HP ProCurve Threat Mgmt Services zl Module (J9155A) ST.1.0.090213
|References

Source: HP
Name: HPSBGN02446
Link: http://marc.info/?l=bugtraq&m=124751363528317&w=2
Source: VUPEN
Name: ADV-2009-1869
Link: http://www.vupen.com/english/advisories/2009/1869
Source: SECTRACK
Name: 1022536
Link: http://www.securitytracker.com/id?1022536