H3C / HPE Intelligent Management Center accessMgrServlet Java Object Deserialization RCE
Critical Nessus Plugin ID 99729
Synopsis
A web application hosted on the remote web server is affected by a remote code execution vulnerability.
Description
The H3C or HPE Intelligent Management Center (iMC) web server running on the remote host is affected by a remote code execution vulnerability in accessMgrServlet due to unsafe deserialization of Java objects to various libraries. An unauthenticated, remote attacker can exploit this, by sending a specially crafted HTTP request, to execute arbitrary code on the target host.
Note that Intelligent Management Center (iMC) is an HPE product; however, it is branded as H3C.
Solution
Upgrade to H3C / HPE iMC version 7.2 E0504 or later.