CVE-2017-5792
Published 2018-02-15
CVE-2017-5792: A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
Priority P178 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 34.88% (98.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hewlett_packard_enterprise | intelligent_management_center_plat | — | — |
| hp | intelligent_management_center | — | — |
Detection & IOCs (extracted from sources)
Command: `java -cp ysoserial-0.0.6-SNAPSHOT-all.jar ysoserial.exploit.RMIRegistryExploit 192.168.1.100 21195 CommonsBeanutils1 calc.exe`
- Monitor for inbound Java RMI traffic on TCP port 21195 targeting HPE iMC PLAT systems, which is the RMI registry port exploited by this vulnerability.
- Detect exploitation attempts using the ysoserial RMIRegistryExploit module with the CommonsBeanutils1 gadget chain, which is the payload used against this CVE.
- Look for Java deserialization payloads (ysoserial CommonsBeanutils1 gadget chain) in RMI registry traffic; the exploit abuses Java RMI deserialization to achieve remote code execution on HPE iMC PLAT 7.3 E0504.
- The exploit PoC targets iMC PLAT v7.3 (E0504) Standard running on Windows Server 2008 R2 Enterprise 64-bit; exploitation behaviour or port binding may differ on other OS platforms or iMC versions.
- The NVD advisory specifies the vulnerable version as iMC PLAT 7.3 E0504P2; the PoC was tested against E0504 (without P2), so patch-level applicability should be verified.
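The following triage sketch applies the detection notes above to reassembled client-to-server TCP payloads; it is an added example, not a rule or code from the sources indexed on this page. The function names, the sample flows and their addresses are constructed for illustration, and the only gadget marker checked is the `BeanComparator` class name that the CommonsBeanutils1 chain serializes.

```python
# Added example (not from the page's sources): triage reassembled TCP payloads
# for the indicators in the detection notes above.
IMC_RMI_PORT = 21195                 # RMI registry port named on the page
JRMP_MAGIC = b"JRMI"                 # JRMP stream header magic (0x4a524d49)
SER_MAGIC = b"\xac\xed\x00\x05"      # Java serialization STREAM_MAGIC + STREAM_VERSION
# Class that the ysoserial CommonsBeanutils1 chain serializes by name.
GADGET_CLASSES = (b"org.apache.commons.beanutils.BeanComparator",)


def triage(dst_port, payload):
    """Return (severity, findings) for one client-to-server payload."""
    if dst_port != IMC_RMI_PORT:
        return "ignore", []
    findings = []
    if payload.startswith(JRMP_MAGIC):
        findings.append("jrmp-handshake")
    if SER_MAGIC in payload:
        findings.append("serialized-object")
    findings += ["gadget-class:" + c.decode() for c in GADGET_CLASSES if c in payload]
    if any(f.startswith("gadget-class:") for f in findings):
        return "alert", findings
    # Ordinary registry calls also carry serialized data, so these alone only merit review.
    return ("review" if findings else "info"), findings


def _class_desc(name):
    # Constructed helper: TC_OBJECT, TC_CLASSDESC, then a length-prefixed class name.
    return b"\x73\x72" + len(name).to_bytes(2, "big") + name


# Constructed, simplified sample flows: (source, destination port, payload).
JRMP_CALL = JRMP_MAGIC + b"\x00\x02\x4b" + b"\x50" + SER_MAGIC
SAMPLE_FLOWS = [
    ("10.0.0.5", 21195, JRMP_CALL + _class_desc(b"java.lang.String")),
    ("203.0.113.7", 21195, JRMP_CALL + _class_desc(b"java.util.PriorityQueue")
     + _class_desc(GADGET_CLASSES[0])),
    ("10.0.0.9", 21195, b"GET / HTTP/1.1\r\n\r\n"),
    ("10.0.0.9", 8080, JRMP_CALL),
]


def scan(flows):
    return [(src, *triage(port, data)) for src, port, data in flows]


if __name__ == "__main__":
    for src, sev, findings in scan(SAMPLE_FLOWS):
        print(f"{src:<14} {sev:<7} {', '.join(findings) or '-'}")
```

A class-name match is the high-signal indicator; the JRMP and serialization magics alone also appear in legitimate registry traffic, so they are graded lower.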
CVSS provenance
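| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |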
No detection rules found.
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/96769
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03713en_us
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03815en_us
- https://www.exploit-db.com/exploits/43927/
- https://www.tenable.com/security/research/tra-2017-18
- https://www.tenable.com/security/research/tra-2018-01
Published: 2018-02-15