HP ProCurve Agent AgentServlet Remote Code Execution Exploit

The AgentServlet class in the Web interface of HP ProCurve Agent is prone to an authentication bypass vulnerability when handling HEAD requests. This vulnerability can be abused by remote unauthenticated attackers to modify the configuration of the HP ProCurve Agent, which can ultimately be leveraged to access the Tornado service component and finally execute arbitrary code with SYSTEM privileges on the target machine.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2013-4813
Product Version: 
2014_R1
Released Date: 
Wednesday, April 16, 2014 - 00:00