HP ProCurve Agent AgentServlet Remote Code Execution Exploit

The AgentServlet class in the Web interface of HP ProCurve Agent is prone to an authentication bypass vulnerability when handling HEAD requests. This vulnerability can be abused by remote unauthenticated attackers to modify the configuration of the HP ProCurve Agent, which can ultimately be leveraged to access the Tornado service component and finally execute arbitrary code with SYSTEM privileges on the target machine.
Exploit type: 
Vulnerabilty ID: 
Product Version: 
Released Date: 
Wednesday, April 16, 2014 - 00:00