Vulnerability Details CVE-2016-4385
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.049
EPSS Ranking 89.1%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/bid/93109
- http://www.zerodayinitiative.com/advisories/ZDI-16-523/
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05279098
- https://www.tenable.com/security/research/tra-2016-27
- http://www.securityfocus.com/bid/93109
- http://www.zerodayinitiative.com/advisories/ZDI-16-523/
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05279098
- https://www.tenable.com/security/research/tra-2016-27
Products affected by CVE-2016-4385
-
cpe:2.3:a:hp:network_automation:10.00
-
cpe:2.3:a:hp:network_automation:10.00.01
-
cpe:2.3:a:hp:network_automation:10.00.02
-
cpe:2.3:a:hp:network_automation:10.10
-
cpe:2.3:a:hp:network_automation:10.11
-
cpe:2.3:a:hp:network_automation:9.10
-
cpe:2.3:a:hp:network_automation:9.20
-
cpe:2.3:a:hp:network_automation:9.22
-
cpe:2.3:a:hp:network_automation:9.22.01
-
cpe:2.3:a:hp:network_automation:9.22.02