E17-0i6q1
CVSS: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
False Positive: f
Variants: 2
Year: 2017
Description
This strike exploits an insecure Java deserialization vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center (IMC).
The vulnerability is due to improper validation of Java serialized objects before deserialization.
An attacker could send a specially crafted HTTP POST request to achieve arbitrary command execution with either SYSTEM or root privileges.
CVE
References
Metasploit
http://www.zerodayinitiative.com/advisories/ZDI-17-855
Zdi
17-855