Vulnerabilites related to H3C Group - Intelligent Management Center (iMC)
CVE-2024-13980 (GCVE-0-2024-13980)
Vulnerability from cvelistv5
Published
2025-08-27 21:25
Modified
2025-08-28 19:46
Severity ?
10.0 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CWE
  • CWE-502 - Deserialization of Untrusted Data
Summary
H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters, potentially leading to arbitrary command execution. This flaw does not require authentication and may be exploited without session cookies. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-28 UTC.
References
https://blog.csdn.net/nnn2188185/article/details/141065540exploit
https://github.com/OJZen/FckESC/blob/master/%E5%86%85%E7%BD%91%E7%99%BB%E5%BD%95%E8%BF%87%E7%A8%8B.txttechnical-description, exploit
https://blog.csdn.net/weixin_48539059/article/details/141033966technical-description, exploit
https://axsec.blog.csdn.net/article/details/141003376technical-description, exploit
https://www.h3c.com/cn/Service/Online_Help/psirt/product
https://www.vulncheck.com/advisories/h3c-intelligent-management-center-rcethird-party-advisory
Impacted products
Vendor Product Version
H3C Group Intelligent Management Center (iMC) Version: *   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13980",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-28T13:51:33.102773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-28T13:51:50.554Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "/byod/index.xhtml"
          ],
          "product": "Intelligent Management Center (iMC)",
          "vendor": "H3C Group",
          "versions": [
            {
              "lessThanOrEqual": "E0632H07",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters, potentially leading to arbitrary command execution. This flaw does not require authentication and may be exploited without session cookies. An affected version range is undefined.\u0026nbsp;Exploitation evidence was first observed by the Shadowserver Foundation on \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2024-08-28 UTC\u003c/span\u003e."
            }
          ],
          "value": "H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters, potentially leading to arbitrary command execution. This flaw does not require authentication and may be exploited without session cookies. An affected version range is undefined.\u00a0Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-28 UTC."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-137",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-137 Parameter Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T19:46:22.366Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "exploit"
          ],
          "url": "https://blog.csdn.net/nnn2188185/article/details/141065540"
        },
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://github.com/OJZen/FckESC/blob/master/%E5%86%85%E7%BD%91%E7%99%BB%E5%BD%95%E8%BF%87%E7%A8%8B.txt"
        },
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://blog.csdn.net/weixin_48539059/article/details/141033966"
        },
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://axsec.blog.csdn.net/article/details/141003376"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.h3c.com/cn/Service/Online_Help/psirt/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/h3c-intelligent-management-center-rce"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "x_known-exploited-vulnerability"
      ],
      "title": "H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-13980",
    "datePublished": "2025-08-27T21:25:05.918Z",
    "dateReserved": "2025-08-25T18:56:50.272Z",
    "dateUpdated": "2025-08-28T19:46:22.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}