漏洞标题
N/A
漏洞描述信息
发现了一个潜在的安全漏洞,在HPE Moonshot Provisioning Manager v1.20中。HPE Moonshot Provisioning Manager是一个在VMware或Microsoft Hyper-V环境中安装的应用,用于设置和配置HPE Moonshot 1500底盘。这个漏洞可能会被无验证用户远程利用,导致在用户提供的输入中进行目录遍历,以执行`khuploadfile.cgi`CGI ELF。目录遍历可能导致远程代码执行、拒绝服务以及/或破坏系统完整性。 **注意:** HPE建议客户停止使用HPE Moonshot Provisioning Manager。HPE Moonshot Provisioning Manager应用程序已被停止,不再支持,无法从HPE支持中心下载,也没有可用的补丁。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
HPE Moonshot Provisioning Manager 路径遍历漏洞
漏洞描述信息
HPE Moonshot Provisioning Manager v1.20之前版本中存在路径遍历漏洞,该漏洞源于错误处理用户输入从而导致遍历目录引发khuploadfile.cgi,攻击者可通过该漏洞导致远程代码执行、拒绝服务和/或损害系统完整性。
CVSS信息
N/A
漏洞类别
路径遍历