HP ProCurve Threat Management Services - zl ST.1.0.090213 Module CRL Security Bypass

EDB-ID:

33078


Author:

anonymous

Type:

remote


Platform:

Multiple

Date:

2009-06-13


source: https://www.securityfocus.com/bid/35659/info

HP ProCurve Threat Management Services zl Module is prone to a security-bypass vulnerability.

Successful exploits may allow attackers to bypass certain security restrictions, which may aid in launching further attacks.

ProCurve Threat Management Services zl Module J9155A running vST.1.0.090213 firmware or prior is vulnerable.

1. Go to VPN-->Certificates--> CRL page and load a CRL list.
2. Save the entire configuration.
3. Reboot the TMS zl Module.
4. Once the TMS zl Module is available, go to VPN--> Certificates--> CRL page and the CRL is no longer available.