| CVE ID | CVE-2013-6213 |
| CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
Hewlett-Packard |
| AFFECTED PRODUCTS |
Virtual User Generator |
| VULNERABILITY DETAILS |
The specific flaw exists within the exposed EmulationAdminSoapBinding web service. The issue lies in the handling of several methods resulting in the ability to read, write, and delete arbitrary files. An attacker can leverage this vulnerability to leak credential databases or execute code under the context of SYSTEM. |
| ADDITIONAL DETAILS |
Hewlett-Packard has issued an update to correct this vulnerability. More details can be found at:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03969437 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Andrea Micalizzi aka rgod |
