Vulnerabilities > CVE-2017-12557 - Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 22 |
Common Weakness Enumeration (CWE)
Exploit-Db
file | exploits/windows/remote/45952.rb |
id | EDB-ID:45952 |
last seen | 2018-12-04 |
modified | 2018-12-04 |
platform | windows |
port | 8080 |
published | 2018-12-04 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/45952 |
title | HP Intelligent Management - Java Deserialization RCE (Metasploit) |
type | remote |
Metasploit
description | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. |
id | MSF:EXPLOIT/WINDOWS/HTTP/HP_IMC_JAVA_DESERIALIZE |
last seen | 2020-06-10 |
modified | 2018-12-18 |
published | 2018-11-10 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/hp_imc_java_deserialize.rb |
title | HP Intelligent Management Java Deserialization RCE |
Nessus
NASL family | Misc. |
NASL id | HP_IMC_73_E0506P03.NASL |
description | The version of HPE Intelligent Management Center (iMC) PLAT installed on the remote host is prior to 7.3 E0506P03. It is, therefore, affected by multiple vulnerabilities that can be exploited to execute arbitrary code. Note that Intelligent Management Center (iMC) is an HPE product; however, it is branded as H3C. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 103696 |
published | 2017-10-06 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103696 |
title | H3C / HPE Intelligent Management Center PLAT < 7.3 E0506P03 Multiple Vulnerabilities |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/150615/hp_imc_java_deserialize.rb.txt |
id | PACKETSTORM:150615 |
last seen | 2018-12-04 |
published | 2018-12-04 |
reporter | mr_me |
source | https://packetstormsecurity.com/files/150615/HP-Intelligent-Management-Java-Deserialization-Remote-Code-Execution.html |
title | HP Intelligent Management Java Deserialization Remote Code Execution |