ID CVE-2017-12557
Summary A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
References
Vulnerable Configurations
  • HP Intelligent Management Center 7.3
    cpe:2.3:a:hp:intelligent_management_center:7.3
  • cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p2
    cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p2
CVSS
Base: 10.0
Impact:
Exploitability:
CWE CWE-502
CAPEC
exploit-db via4
file exploits/windows/remote/45952.rb
id EDB-ID:45952
last seen 2018-12-04
modified 2018-12-04
platform windows
port 8080
published 2018-12-04
reporter Exploit-DB
source https://www.exploit-db.com/download/45952
title HP Intelligent Management - Java Deserialization RCE (Metasploit)
type remote
metasploit via4
description This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.
id MSF:EXPLOIT/WINDOWS/HTTP/HP_IMC_JAVA_DESERIALIZE
last seen 2019-02-14
modified 2018-12-18
published 2018-11-10
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_imc_java_deserialize.rb
title HP Intelligent Management Java Deserialization RCE
nessus via4
NASL family Misc.
NASL id HP_IMC_73_E0506P03.NASL
description The version of HPE Intelligent Management Center (iMC) PLAT installed on the remote host is prior to 7.3 E0506P03. It is, therefore, affected by multiple vulnerabilities that can be exploited to execute arbitrary code. Note that Intelligent Management Center (iMC) is an HPE product; however, it is branded as H3C.
last seen 2019-01-16
modified 2018-11-15
plugin id 103696
published 2017-10-06
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=103696
title H3C / HPE Intelligent Management Center PLAT < 7.3 E0506P03 Multiple Vulnerabilities
packetstorm via4
data source https://packetstormsecurity.com/files/download/150615/hp_imc_java_deserialize.rb.txt
id PACKETSTORM:150615
last seen 2018-12-04
published 2018-12-04
reporter mr_me
source https://packetstormsecurity.com/files/150615/HP-Intelligent-Management-Java-Deserialization-Remote-Code-Execution.html
title HP Intelligent Management Java Deserialization Remote Code Execution
refmap via4
bid 101152
confirm https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us
sectrack 1039495
Last major update 15-02-2018 - 17:29
Published 15-02-2018 - 17:29
Last modified 05-12-2018 - 06:29