PT-2017-16694 · Hewlett Packard · Hpe Network Automation

Published

2017-05-11

Updated

2018-03-07

CVE-2017-5812

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions HPE Network Automation versions 9.1x through 10.2x

Description A remote SQL information disclosure vulnerability was found, which may allow unauthorized access to sensitive data. Additionally, an authentication bypass vulnerability in the PermissionFilter was identified.

Recommendations For HPE Network Automation versions 9.1x through 10.2x, consider restricting access to sensitive data and authentication mechanisms until a patch is available. As a temporary workaround, consider disabling the PermissionFilter authentication mechanism to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-5812

ZDI-17-332

Affected Products

Hpe Network Automation

PT-2017-16694 · Hewlett Packard · Hpe Network Automation

CVE-2017-5812

Weakness Enumeration

Related Identifiers

Affected Products

References · 6