Severity
8.8 HIGH
EPSS
1.1%
top 22.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published May 7
Latest update May 17

Description

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD hp/network_node_manager_i, 6 versions +5

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-rfwg-vh7q-8gch: HPE Network Node Manager i (NNMi) 9 | 2022-05-17
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files | 2018-08-23
CVEList
CVE-2016-2009: HPE Network Node Manager i (NNMi) 9 | 2016-05-07

💥 Exploits & PoCs

5
Exploit-DB
IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Local Privilege Escalation | 2016-11-04
Exploit-DB
Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File (Universal ASLR + DEP Bypass) | 2016-06-13
Exploit-DB
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH) | 2016-01-11
Exploit-DB
Joomla! Component Akobook 2.3 - 'gbid' SQL Injection | 2009-06-09
Exploit-DB
Virtue Shopping Mall - 'cid' SQL Injection | 2009-06-08

📋 Vendor Advisories

3
Red Hat
kernel: Buffer overflow in firewire driver via crafted incoming packets | 2016-11-06
Red Hat
httpd: Billion laughs attack regression | 2016-08-04
Red Hat
squid: Cache poisoning issue in HTTP Request handling | 2016-05-06

💬 Community

2
Bugzilla
CVE-2016-6312 apr-util, httpd: Billion laughs attack regression | 2016-08-04
Bugzilla
CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling | 2016-05-09
CVE-2016-2009 (HIGH CVSS 8.8) | HPE Network Node Manager i (NNMi) 9 | cvebase.io