Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2015-4000 CVE-2015-2808 |
CWE-ID | CWE-300 CWE-200 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | HP Operations Manager for Linux Other, HP Operations Manager for Unix Other |
Vendor | Hewlett Packard Enterprise Development LP |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU86
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2015-4000
CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to decrypt TLS connections in certain situations.
The vulnerability exists due to a boundary error when parsing HTTP requests. A remote unauthenticated attacker can conduct a man-in-the-middle attack that causes the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography.
Successful exploitation of this vulnerability may result in modification of authentication information.
Install the update from the vendor's website.
Vulnerable software versions
HP Operations Manager for Linux: 9.10 - 9.21
HP Operations Manager for Unix: 9.10 - 9.21
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04770140
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU90
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-2808
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information communicated by the target system.
The vulnerability exists due to an access control error. A remote unauthenticated attacker can obtain RC4 encrypted data and conduct a brute-force key guessing attack by monitoring TLS network traffic.
Successful exploitation of this vulnerability may result in disclosure of system information.
Install the update from the vendor's website.
Vulnerable software versions
HP Operations Manager for Linux: 9.10 - 9.21
HP Operations Manager for Unix: 9.10 - 9.21
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04770140
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.