#VU691 Arbitrary Files Modification in HP Network Automation - CVE-2016-4386

Cybersecurity Help s.r.o.

Published: 2016-09-29 | Updated: 2016-09-30

Vulnerability identifier: #VU691

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-4386

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
HP Network Automation
Client/Desktop applications / Software for system administration

Vendor: Hewlett Packard Enterprise Development LP

Description
The vulnerability allows a remote user to modify arbitrary files on the target system.

The vulnerability is due to an unspecified access conditions that allows attackers to obtain and modify files on a targeted system that were not allowed to access.

Successful exploitation of the vulnerability mau result in files modification and further consequences.

Vulnerable software versions

HP Network Automation: 10.10

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Arbitrary Files Modification in HP Network Automation