H3C / HPE Intelligent Management Center RMI Java Object Deserialization RCE

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A web application hosted on the remote web server is affected by a
remote code execution vulnerability.

Description :

The H3C or HPE Intelligent Management Center (iMC) web server running
on the remote host is affected by a remote code execution
vulnerability due to unsafe deserialization of Java objects to
the Apache Commons BeanUtils library via the euplat RMI registry. An
unauthenticated, remote attacker can exploit this, by sending a
specially crafted RMI message, to execute arbitrary code on the target
host.

Note that Intelligent Management Center (iMC) is an HPE product;
however, it is branded as H3C.

See also :

http://www.nessus.org/u?18091733
http://www.nessus.org/u?e0204f30
http://www.nessus.org/u?7cc45126
http://www.zerodayinitiative.com/advisories/ZDI-17-162/

Solution :

Upgrade to H3C / HPE iMC version 7.3 E0504P02 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 99728 ()

Bugtraq ID: 96769

CVE ID: CVE-2017-5792

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now