CVE-2013-3574

Published: Jun 14, 2013Modified: Apr 29, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.

Affected (1)

Products: Hp: Insight Diagnostics

1 product

Insight Diagnostics

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hp Insight Diagnostics	Version 9.4.0.4710

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://www.kb.cert.org/vuls/id/324668

Source: cret@cert.org

US Government Resource

http://www.kb.cert.org/vuls/id/324668

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.