CVE-2016-4385

Published: 29/09/2016 Updated: 17/02/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x prior to 10.00.02.01, and 10.1x prior to 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.

Affected Products

Vendor | Product | Versions
Hp | Network Automation | 9.10, 9.20, 9.22, 9.22.01, 9.22.02, 10.00, 10.00.01, 10.00.02, 10.10, 10.11

GitHub Repositories

Java-Deserialization-Cheat-Sheet: A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. Please, use #javadeser hash tag for tweets. Table of content: Java Native Serialization (binary): Overview; Main talks & presentations & docs; Payload generators; Exploits; Detect; Vulnerable apps (without