cbcvebase.
CVE-2017-5792
published 2018-02-15

CVE-2017-5792: A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

PriorityP178critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
34.88%
98.2th percentile
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

Affected

2 ranges
VendorProductVersion rangeFixed in
hewlett_packard_enterpriseintelligent_management_center_plat
hpintelligent_management_center

Detection & IOCsextracted from sources · hover to see the quote

port21195
commandjava -cp ysoserial-0.0.6-SNAPSHOT-all.jar ysoserial.exploit.RMIRegistryExploit 192.168.1.100 21195 CommonsBeanutils1 calc.exe
  • Monitor for inbound Java RMI traffic on TCP port 21195 targeting HPE iMC PLAT systems, which is the RMI registry port exploited by this vulnerability.
  • Detect exploitation attempts using the ysoserial RMIRegistryExploit module with the CommonsBeanutils1 gadget chain, which is the payload used against this CVE.
  • Look for Java deserialization payloads (ysoserial CommonsBeanutils1 gadget chain) in RMI registry traffic; the exploit abuses Java RMI deserialization to achieve remote code execution on HPE iMC PLAT 7.3 E0504.
  • ·The exploit PoC targets iMC PLAT v7.3 (E0504) Standard running on Windows Server 2008 R2 Enterprise 64-bit; exploitation behaviour or port binding may differ on other OS platforms or iMC versions.
  • ·The NVD advisory specifies the vulnerable version as iMC PLAT 7.3 E0504P2; the PoC was tested against E0504 (without P2), so patch-level applicability should be verified.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.