Remote code execution in HP Network Automation

1) Remote code execution

EUVDB-ID: #VU592

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-4385

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to cause remote code execution on the target system.
The weakness is caused by security bypass. The vulnerability is used for handling Java object deserialization in Apache Commons-Collections and Commons-BeanUtils library and allows a remote user to trigger code execution.
Successful exploitation of the vulnerability leads to remote code execution on the vulnerable system.

Mitigation

Install patched version from vendor's website:

https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/LID/NA_00033
(10.00.02.01)
https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/LID/NA_00030
https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/LID/NA_00034
(10.11.00.01)

Vulnerable software versions

HP Network Automation: 9.10 - 10.00

CPE2.3

• cpe:2.3:a:hewlett_packard_enterprise_development_lp:hp_network_automation:9.10:*:*:*:*:*:*:*
• cpe:2.3:a:hewlett_packard_enterprise_development_lp:hp_network_automation:9.20:*:*:*:*:*:*:*
• cpe:2.3:a:hewlett_packard_enterprise_development_lp:hp_network_automation:10.00:*:*:*:*:*:*:*

External links

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05279098

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.