HP Security Bulletin HPSBGN02929 - Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (BIMS). The vulnerabilities could be remotely exploited resulting in code execution and disclosure of information. Note: The vulnerability solutions have been implemented in the iMC BIMS software updates. In order to be interoperable with the iMC BIMS updated software, software updates are required for Comware Based Switches and Routers that use BIMS. The software update information for the Comware Based Switches and Routers is also included in the Resolution section below. Revision 1 of this advisory.
1a9b0267d979f31cf869ca2179651c1ca9f3ca5eca762a3f8e5b9cbf8682aaae
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03943425
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03943425
Version: 1
HPSBGN02929 rev.1 - HP Intelligent Management Center (iMC), HP IMC Branch
Intelligent Management System Software Module (BIMS), and Comware Based
Switches and Routers, Remote Code Execution, Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2013-10-08
Last Updated: 2013-10-08
Potential Security Impact: Remote code execution, disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Intelligent
Management Center (iMC) and HP IMC Branch Intelligent Management System
Software Module (BIMS). The vulnerabilities could be remotely exploited
resulting in code execution and disclosure of information.
Note: The vulnerability solutions have been implemented in the iMC BIMS
software updates. In order to be interoperable with the iMC BIMS updated
software, software updates are required for Comware Based Switches and
Routers that use BIMS. The software update information for the Comware Based
Switches and Routers is also included in the Resolution section below.
References:
CVE-2013-4822 (ZDI-CAN-1606, SSRT101025) Remote Code Execution
CVE-2013-4823 (ZDI-CAN-1607, SSRT101026) Remote Disclosure of Information
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION
section below for a list of impacted products.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2013-4822 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-4823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Andrea Micalizzi aka rgod for working with
HP's Zero Day Initiative to report CVE-2013-4822 and CVE-2013-4823 to
security-alert@hp.com
RESOLUTION
HP has provided the following software updates to resolve these
vulnerabilities here...
http://www.hp.com/networking/support
Note: The vulnerability solutions have been implemented in the iMC BIMS
software updates. In order to be interoperable with the iMC BIMS updated
software, software updates are required for Comware Based Switches and
Routers that use BIMS. It is very important to update Comware Based Switches
and Routers software to the versions listed in the next table below.
Fixed Version
HP Branded Products Impacted
CVE
HP_iMC_PLAT_5.2_E0401
HP_iMC_BIMS_5.2_E0401
JF377A HP IMC Standard Edition Software Platform with 100-node License
JF377AAE HP IMC Standard Edition Software Platform with 100-node E-LTU
TJ635AAEHP IMC for ANM 50 node pack SW E-LTU
JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
JG265AAE HP A-IMC BIMS S/W Module w/50-node E-LTU
JG265A HP A-IMC BIMS S/W Module w/50-node Lic
CVE-2013-4822
CVE-2013-4823
HP_iMC_BIMS_5.2_E0401
JF378A HP IMC Enterprise Edition Software Platform with 200-node License
JF378AAE HP IMC Enterprise Edition Software Platform with 200-Node E-LTU
JG265AAE HP A-IMC BIMS S/W Module w/50-node E-LTU
JG265A HP A-IMC BIMS S/W Module w/50-node Lic
CVE-2013-4822
CVE-2013-4823
Required Updates for Comware Based Switches and Routers that use BIMS
Updated Version
HP Branded Products Impacted
H3C Branded Products Impacted
3Com Branded Products Impacted
12500_5.20.R1828
JC085A HP A12518 Switch Chassis
JC086A HP A12508 Switch Chassis
JC652A HP 12508 DC Switch Chassis
JC653A HP 12518 DC Switch Chassis
JC654A HP 12504 AC Switch Chassis
JC655A HP 12504 DC Switch Chassis
JF430A HP A12518 Switch Chassis
JF430B HP 12518 Switch Chassis
JF430C HP 12518 AC Switch Chassis
JF431A HP A12508 Switch Chassis
JF431B HP 12508 Switch Chassis
JF431C HP 12508 AC Switch Chassis
H3C S12508 Routing Switch(AC-1) (0235A0GE)
H3C S12518 Routing Switch(AC-1) (0235A0GF)
H3C S12508 Chassis (0235A0E6)
H3C S12508 Chassis (0235A38N)
H3C S12518 Chassis (0235A0E7)
H3C S12518 Chassis (0235A38M)
N/A
S9500E_5.20.R1828
JC124A HP A9508 Switch Chassis
JC124B HP 9505 Switch Chassis
JC125A HP A9512 Switch Chassis
JC125B HP 9512 Switch Chassis
JC474A HP A9508-V Switch Chassis
JC474B HP 9508-V Switch Chassis
H3C S9505E Routing-Switch Chassis (0235A0G6)
H3C S9508E-V Routing-Switch Chassis (0235A38Q)
H3C S9512E Routing-Switch Chassis (0235A0G7)
H3C S9508E-V Routing-Switch Chassis (0235A38Q)
H3C S9505E Chassis w/ Fans (0235A38P)
H3C S9512E Chassis w/ Fans (0235A38R)
N/A
5830_5.20.R1118P02
JC691A HP A5830AF-48G Switch w/1 Interface Slot
JC694A HP A5830AF-96G Switch
JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot
JG374A HP 5830AF-96G TAA Switch
N/A
N/A
A5800-5820X_5.20.R1808P08
JC099A HP 5800-24G-PoE Switch
JC100A HP 5800-24G Switch
JC101A HP 5800-48G Switch with 2 Slots
JC102A HP 5820-24XG-SFP+ Switch
JC103A HP 5800-24G-SFP Switch
JC104A HP 5800-48G-PoE Switch
JC105A HP 5800-48G Switch
JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
JG219A HP 5820AF-24XG Switch
JG225A HP 5800AF-48G Switch
JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots
JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
JG254A HP 5800-24G-PoE+ TAA-compliant Switch
JG255A HP 5800-24G TAA-compliant Switch
JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt
JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot
JG258A HP 5800-48G TAA Switch w 1 Intf Slot
JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots
H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot
(0235A36U)
H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X
(SFP Plus ) Plus 1 media module PoE (0235A36S)
H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus
media module (no power) (0235A374)
H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus
) Plus media module (0235A379)
H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module
(0235A378)
H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM
(0235A36W)
H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules
Plus OSM (0235A37L)
H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T
(RJ45) (0235A370)
N/A
5500.HI_5.20.R5203P02
JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch
JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch
JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt
JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt
JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt
N/A
N/A
5500.EI-4800G_5.20.R2220P07
JD373A HP 5500-24G DC EI Switch
JD374A HP 5500-24G-SFP EI Switch
JD375A HP 5500-48G EI Switch
JD376A HP 5500-48G-PoE EI Switch
JD377A HP 5500-24G EI Switch
JD378A HP 5500-24G-PoE EI Switch
JD379A HP 5500-24G-SFP DC EI Switch
JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts
JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts
JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts
JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts
JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts
JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts
JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts
H3C S5500-28C-EI Ethernet Switch (0235A253)
H3C S5500-28F-EI Eth Switch AC Single (0235A24U)
H3C S5500-52C-EI Ethernet Switch (0235A24X)
H3C S5500-28C-EI-DC Ethernet Switch (0235A24S)
H3C S5500-28C-PWR-EI Ethernet Switch (0235A255)
H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)
H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)
N/A
5120.SI_5.20.R1513P50
JE072A HP 5120-48G SI Switch
JE073A HP 5120-16G SI Switch
JE074A HP 5120-24G SI Switch
JG091A HP 5120-24G-PoE+ (370W) SI Switch
JG092A HP 5120-24G-PoE+ (170W) SI Switch
H3C S5120-28P-HPWR-SI (0235A0E5)
H3C S5120-28P-PWR-SI (0235A0E3)
H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B)
H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)
H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)
N/A
5500.EI-4800G_5.20.R2220P07
JD007A HP 4800-24G Switch
JD008A HP 4800-24G-PoE Switch
JD009A HP 4800-24G-SFP Switch
JD010A HP 4800-48G Switch
JD011A HP 4800-48G-PoE Switch
N/A
3Com Switch 4800G 24-Port (3CRS48G-24-91)
3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)
3Com Switch 4800G 48-Port (3CRS48G-48-91)
3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)
3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)
3600V2_5.20.R2108P07
JG299A HP 3600-24 v2 EI Switch
JG300A HP 3600-48 v2 EI Switch
JG301A HP 3600-24-PoE+ v2 EI Switch
JG302A HP 3600-48-PoE+ v2 EI Switch
JG303A HP 3600-24-SFP v2 EI Switch
JG304A HP 3600-24 v2 SI Switch
JG305A HP 3600-48 v2 SI Switch
JG306A HP 3600-24-PoE+ v2 SI Switch
JG307A HP 3600-48-PoE+ v2 SI Switch
N/A
N/A
3100V2_5.20.R5203P03
JD313B HP 3100-24-PoE v2 EI Switch
JD318B HP 3100-8 v2 EI Switch
JD319B HP 3100-16 v2 EI Switch
JD320B HP 3100-24 v2 EI Switch
JG221A HP 3100-8 v2 SI Switch
JG222A HP 3100-16 v2 SI Switch
JG223A HP 3100-24 v2 SI Switch
N/A
N/A
MSR20.SI_5.20.R2507-B
JD432A HP A-MSR20-21 Multi-Service Router
JD662A HP MSR20-20 Multi-Service Router
JD663A HP MSR20-21 Multi-Service Router
JD663B HP MSR20-21 Router
JD664A HP MSR20-40 Multi-Service Router
JF228A HP MSR20-40 Router
JF283A HP MSR20-20 Router
H3C RT-MSR2020-AC-OVS-H3C (0235A324)
H3C RT-MSR2040-AC-OVS-H3 (0235A326)
H3C MSR 20-20 (0235A19H)
H3C MSR 20-21 (0235A325)
H3C MSR 20-40 (0235A19K)
H3C MSR-20-21 Router (0235A19J)
N/A
MSR201X_5.20.R2507-B
JD431A HP MSR20-10 Router
JD667A HP MSR20-15 IW Multi-Service Router
JD668A HP MSR20-13 Multi-Service Router
JD669A HP MSR20-13 W Multi-Service Router
JD670A HP MSR20-15 A Multi-Service Router
JD671A HP MSR20-15 AW Multi-Service Router
JD672A HP MSR20-15 I Multi-Service Router
JD673A HP MSR20-11 Multi-Service Router
JD674A HP MSR20-12 Multi-Service Router
JD675A HP MSR20-12 W Multi-Service Router
JD676A HP MSR20-12 T1 Multi-Service Router
JF236A HP MSR20-15-I Router
JF237A HP MSR20-15-A Router
JF238A HP MSR20-15-I-W Router
JF239A HP MSR20-11 Router
JF240A HP MSR20-13 Router
JF241A HP MSR20-12 Router
JF806A HP MSR20-12-T Router
JF807A HP MSR20-12-W Router
JF808A HP MSR20-13-W Router
JF809A HP MSR20-15-A-W Router
JF817A HP MSR20-15 Router
JG209A HP MSR20-12-T-W Router (NA)
JG210A HP MSR20-13-W Router (NA)
H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
H3C MSR 20-10 (0235A0A7)
H3C RT-MSR2011-AC-OVS-H3 (0235A395)
H3C RT-MSR2012-AC-OVS-H3 (0235A396)
H3C RT-MSR2012-AC-OVS-W-H3 (0235A397)
H3C RT-MSR2012-T-AC-OVS-H3 (0235A398)
H3C RT-MSR2013-AC-OVS-H3 (0235A390)
H3C RT-MSR2013-AC-OVS-W-H3 (0235A391)
H3C RT-MSR2015-AC-OVS-A-H3 (0235A392)
H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)
H3C RT-MSR2015-AC-OVS-I-H3 (0235A394)
H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)
H3C MSR 20-11 (0235A31V)
H3C MSR 20-12 (0235A32E)
H3C MSR 20-12 T1 (0235A32B)
H3C MSR 20-13 (0235A31W)
H3C MSR 20-13 W (0235A31X)
H3C MSR 20-15 A (0235A31Q)
H3C MSR 20-15 A W (0235A31R)
H3C MSR 20-15 I (0235A31N)
H3C MSR 20-15 IW (0235A31P)
H3C MSR20-12 W (0235A32G)
N/A
MSR30.SI_5.20.R2507-B
JD654A HP MSR30-60 POE Multi-Service Router
JD657A HP MSR30-40 Multi-Service Router
JD658A HP MSR30-60 Multi-Service Router
JD660A HP MSR30-20 POE Multi-Service Router
JD661A HP MSR30-40 POE Multi-Service Router
JD666A HP MSR30-20 Multi-Service Router
JF229A HP MSR30-40 Router
JF230A HP MSR30-60 Router
JF232A HP RT-MSR3040-AC-OVS-AS-H3
JF235A HP MSR30-20 DC Router
JF284A HP MSR30-20 Router
JF287A HP MSR30-40 DC Router
JF801A HP MSR30-60 DC Router
JF802A HP MSR30-20 PoE Router
JF803A HP MSR30-40 PoE Router
JF804A HP MSR30-60 PoE Router
H3C MSR 30-20 Router (0235A328)
H3C MSR 30-40 Router Host(DC) (0235A268)
H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)
H3C RT-MSR3020-DC-OVS-H3 (0235A267)
H3C RT-MSR3040-AC-OVS-H (0235A299)
H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)
H3C RT-MSR3060-AC-OVS-H3 (0235A320)
H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
H3C RT-MSR3060-DC-OVS-H3 (0235A269)
H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)
H3C MSR 30-20 (0235A19L)
H3C MSR 30-20 POE (0235A239)
H3C MSR 30-40 (0235A20J)
H3C MSR 30-40 POE (0235A25R)
H3C MSR 30-60 (0235A20K)
H3C MSR 30-60 POE (0235A25S)
H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)
N/A
MSR3016.SI_5.20.R2507-B
JD659A HP MSR30-16 POE Multi-Service Router
JD665A HP MSR30-16 Multi-Service Router
JF233A HP MSR30-16 Router
JF234A HP MSR30-16 PoE Router
H3C RT-MSR3016-AC-OVS-H3 (0235A327)
H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
H3C MSR 30-16 (0235A237)
H3C MSR 30-16 POE (0235A238)
N/A
MSR301X.SI_5.20.R2507-B
JF800A HP MSR30-11 Router
JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
JG182A HP MSR30-11E Router
JG183A HP MSR30-11F Router
JG184A HP MSR30-10 DC Router
H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
N/A
MSR50.SI_5.20.R2507-B
JD433A HP MSR50-40 Router
JD653A HP MSR50 Processor Module
JD655A HP MSR50-40 Multi-Service Router
JD656A HP MSR50-60 Multi-Service Router
JF231A HP MSR50-60 Router
JF285A HP MSR50-40 DC Router
JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
H3C MSR 50-40 Router (0235A297)
H3C MSR5040-DC-OVS-H3C (0235A20P)
H3C RT-MSR5060-AC-OVS-H3 (0235A298)
H3C MSR 50-40 Chassis (0235A20N)
H3C MSR 50-60 Chassis (0235A20L)
N/A
MSR50.EPUSI_5.20.R2507-B
JD429A HP MSR50 G2 Processor Module
JD429B HP MSR50 G2 Processor Module
H3C H3C MSR 50 Processor Module-G2 (0231A84Q)
H3C MSR 50 High Performance Main Processing Unit 3GE (Combo)
256F/1GD(0231A0KL)
N/A
HISTORY
Version:1 (rev.1) - 8 October 2013 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlJUbt8ACgkQ4B86/C0qfVnHbwCfTzenPS7RXCyNh3ZB7qIl6XKf
GA8AoNmLnR9W5k4WUZA9ta4RqvfnxjL0
=38Gt
-----END PGP SIGNATURE-----