header-logo
Suggest Exploit
vendor:
ProCurve Threat Management Services zl Module
by:
SecurityFocus
4.3
CVSS
MEDIUM
Security Bypass Vulnerability
287
CWE
Product Name: ProCurve Threat Management Services zl Module
Affected Version From: vST.1.0.090213
Affected Version To: vST.1.0.090213
Patch Exists: Yes
Related CWE: N/A
CPE: h:hp:procurve_threat_management_services_zl_module
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

HP ProCurve Threat Management Services zl Module Security Bypass Vulnerability

HP ProCurve Threat Management Services zl Module is prone to a security-bypass vulnerability. Successful exploits may allow attackers to bypass certain security restrictions, which may aid in launching further attacks. ProCurve Threat Management Services zl Module J9155A running vST.1.0.090213 firmware or prior is vulnerable. Exploitation involves going to the VPN-->Certificates--> CRL page and loading a CRL list, saving the entire configuration, rebooting the TMS zl Module, and then going to the VPN--> Certificates--> CRL page and the CRL is no longer available.

Mitigation:

Upgrade to the latest version of HP ProCurve Threat Management Services zl Module
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/35659/info

HP ProCurve Threat Management Services zl Module is prone to a security-bypass vulnerability.

Successful exploits may allow attackers to bypass certain security restrictions, which may aid in launching further attacks.

ProCurve Threat Management Services zl Module J9155A running vST.1.0.090213 firmware or prior is vulnerable.

1. Go to VPN-->Certificates--> CRL page and load a CRL list.
2. Save the entire configuration.
3. Reboot the TMS zl Module.
4. Once the TMS zl Module is available, go to VPN--> Certificates--> CRL page and the CRL is no longer available.