SSL: Hewlett Packard Enterprise Vertica validateAdminConfig Remote Command Injection

A remote command injection vulnerability exists in the Management Console for Hewlett Packard Enterprise Vertica. Successful exploitation would allow the attacker to execute arbitrary OS commands on the underlying system with root privileges.

Extended Description

The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.

Affected Products

HP Vertica

References

CVE: CVE-2016-2002

Short Name: SSL:HEWLETT-PACKARD-VERTICA-RCI
Severity: Major
Recommended: True
Recommended Action: Drop
Category: SSL
Keywords: CVE-2016-2002 Command Enterprise Hewlett Injection Packard Remote Vertica validateAdminConfig
Release Date: 08/04/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375
False Positive: Unknown
Vendors

HP

CVSS Score

10.0
