CVE-2012-5930

NetIQ Privileged User Manager < 2.3.1 HF2 - Unauthenticated Password Change via AMF Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5930.

AI-analyzed exploit summary This exploit demonstrates a pre-authentication remote code execution vulnerability in Novell NetIQ Privileged User Manager 2.3.1. It leverages a flaw in the `pa_modify_accounts()` function within `auth.dll` to change the admin password without authentication, then uses a post-authentication flaw in `set_log_config()` to write arbitrary files and achieve SYSTEM-level command execution.

Description

The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.

Exploits (1)

exploitdb WORKING POC
remotewindows
https://www.exploit-db.com/exploits/22737

This exploit demonstrates a pre-authentication remote code execution vulnerability in Novell NetIQ Privileged User Manager 2.3.1. It leverages a flaw in the `pa_modify_accounts()` function within `auth.dll` to change the admin password without authentication, then uses a post-authentication flaw in `set_log_config()` to write arbitrary files and achieve SYSTEM-level command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell NetIQ Privileged User Manager 2.3.1
No auth needed
Prerequisites: Network access to TCP port 443 on the target system · Target system running Novell NetIQ Privileged User Manager 2.3.1
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Scores

EPSS 0.0737
EPSS Percentile 93.6%

Details

CWE
CWE-287
Status published
Products (2)
microfocus/privileged_user_manager 2.3.0
microfocus/privileged_user_manager 2.3.1
Published Dec 24, 2012
Tracked Since Feb 18, 2026