CVE-1999-1163

Vulnerability

The vulnerability affects HP Series 800 S/X/V Class servers. An unspecified flaw in the Service Support Processor (SSP) Teststation allows remote attackers to gain access to the console. The advisory HPSBUX9911-105 indicates the problem is specific to V Class Teststation, but the description also mentions S/X/V Class servers [1]. The exact software versions affected are not detailed in the available references.

Exploitation

An attacker can exploit this vulnerability remotely without requiring authentication or user interaction. The specific steps are not disclosed, but the advisory suggests that the SSP Teststation, which is typically used for service and diagnostics, can be accessed over the network. The attacker needs network connectivity to the affected server [1].

Impact

Successful exploitation allows a remote attacker to gain console-level access to the S/X/V Class server. This gives the attacker the same privileges as local console users, potentially including full control over the system. The impact includes complete compromise of confidentiality, integrity, and availability of the affected server [1].

Mitigation

Hewlett-Packard released a security advisory (HPSBUX9911-105) but the available references do not specify a fixed version or patch. The mitigation steps should be obtained from HP support. As this is from 1999, the affected systems are likely end-of-life, and upgrading to a supported platform is recommended [1].