HP Broadcom Integrated NIC Has a Hole

  Title: HP Broadcom Integrated NIC Firmware Remote Command Execution Vulnerability (SSRT100022)
  Date Published: March 17, 2010
  Date of Last Revision: March 17, 2010
  Threat Assessment: MEDIUM - Action Required by 2010-04-14

  Target Audience: Administrators who manage any systems using HP Broadcom Integrated NIC Firmware versions 1.24.0.9 and earlier, as well as 8.04, on the following hardware:
  • HP Small Form Factor or Microtower PC with Broadcom Integrated NIC
  • Broadcom Integrated NIC Management Firmware versions impacted
  • Broadcom Integrated NIC Management Firmware version provided in sp47557

For information and bulletins to service customer-facing (trade) systems, please refer to the EDS Threat and Vulnerability Management Service ( http://esis.corp.hp.com/esis ).

OPERATING SYSTEMS AFFECTED

All Windows OS

APPLICATIONS AFFECTED

Broadcom NIC 1.X
Broadcom NIC 8.X

PROBLEM SUMMARY

Multiple HP devices running HP Broadcom Integrated NIC Firmware are prone to a remotely exploitable code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with administrative privileges, resulting in a complete compromise of the affected computer.

TECHNICAL DETAILS

An attacker can remotely exploit this issue over the network to execute commands with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

ADDITIONAL ISSUES

  Remote Attack Possible: Yes
  Administrative Privilege Gained: Yes
  Attack Scripts Available: No

CORRECTIVE ACTION

Refer to the RESOLUTION section of each SSRT bulletin (listed in the REFERENCES section below) for additional details and instructions to fix the vulnerability.

REFERENCES

HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02048471

HP SSRT Identifier: SSRT100022
CVE Number: CVE-2010-0104