CVE-2013-4811

HP Identity Driven Manager 4.0 - Remote Code Execution via SNAC UpdateDomainControllerServlet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-4811. PoCs published by Metasploit, including Metasploit module exploits/windows/http/hp_pcm_snac_update_domain.

AI-analyzed exploit summary This Metasploit module exploits a path traversal vulnerability in HP ProCurve Manager SNAC Server (CVE-2013-4811) to upload and execute a JSP payload, achieving remote code execution. It bypasses authentication and leverages a file upload flaw in the UpdateDomainControllerServlet.

Description

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/28336

This Metasploit module exploits a path traversal vulnerability in HP ProCurve Manager SNAC Server (CVE-2013-4811) to upload and execute a JSP payload, achieving remote code execution. It bypasses authentication and leverages a file upload flaw in the UpdateDomainControllerServlet.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP ProCurve Manager 4.0 SNAC Server
No auth needed
Prerequisites: Network access to the target server · SNAC Server running on port 443
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_pcm_snac_update_domain.rb

This Metasploit module exploits a path traversal vulnerability in HP ProCurve Manager SNAC Server (CVE-2013-4811) to upload a JSP payload, bypassing authentication. It achieves remote code execution by leveraging a flawed file upload mechanism in the UpdateDomainControllerServlet.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP ProCurve Manager 4.0 SNAC Server
No auth needed
Prerequisites: Network access to the target server · SSL/TLS enabled on port 443
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029010
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-13-226/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54788

Scores

EPSS 0.7129
EPSS Percentile 99.3%

Details

CWE
CWE-20
Status published
Products (3)
hp/identity_driven_manager 4.0
hp/procurve_manager 3.20
hp/procurve_manager 4.0
Published Sep 16, 2013
Tracked Since Feb 18, 2026