CVE-2010-0444

HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=126566258722040&w=2	Vendor Advisory
http://osvdb.org/62213
http://securitytracker.com/id?1023555
http://www.securityfocus.com/bid/38150

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:hp:operations_agent:8.51:::::::*
	cpe:2.3:a:hp:operations_agent:8.52:::::::*
	cpe:2.3:a:hp:operations_agent:8.53:::::::*
	cpe:2.3:a:hp:operations_agent:8.60:::::::*

OR	cpe:2.3:o:sun:solaris:10::sparc:::::
	cpe:2.3:o:sun:solaris:10::x86:::::

History

No history.

Information

Published : 2010-02-09 19:30

Updated : 2010-02-13 07:22

NVD link : CVE-2010-0444

Mitre link : CVE-2010-0444

CVE.ORG link : CVE-2010-0444

JSON object : View

Products Affected

sun

solaris

hp

operations_agent

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2010-0444", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-02-09T19:30:00.500", "references": [{"url": "http://marc.info/?l=bugtraq&m=126566258722040&w=2", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://osvdb.org/62213", "source": "hp-security-alert@hp.com"}, {"url": "http://securitytracker.com/id?1023555", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/bid/38150", "source": "hp-security-alert@hp.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "HP Operations Agent v8.51, v8.52, v8.53, y v8.60 en Solaris v10 utiliza una contrase\u00f1a en blanco en la cuenta opc_op, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."}], "lastModified": "2010-02-13T07:22:34.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:operations_agent:8.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8871FAEC-384E-4474-A3C1-36282C5F0B55"}, {"criteria": "cpe:2.3:a:hp:operations_agent:8.52:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC9891AE-1111-4F33-80F0-67CC6752F99E"}, {"criteria": "cpe:2.3:a:hp:operations_agent:8.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DCC7E2F-90D5-479F-939E-D4C49BB90A49"}, {"criteria": "cpe:2.3:a:hp:operations_agent:8.60:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0A67A3D1-0F93-4FAA-A560-996634E6A77D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FBA68F0-4577-46F5-A754-D365B6EFF872"}, {"criteria": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E79CFAA6-A08A-4C70-A3D9-B02C29A17FF2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}