ID

VAR-201609-0439


CVE

CVE-2016-4385


TITLE

HP Network Automation Java Deserialization Remote code execution vulnerability

Trust: 0.8

sources: IVD: 1bb1d221-024b-4b31-b820-29a903286677 // CNVD: CNVD-2016-08069

DESCRIPTION

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.

Supplementary information: the vulnerability type has been identified as CWE-502: Deserialization of Untrusted Data. http://cwe.mitre.org/data/definitions/502.html A third party may execute arbitrary commands through a crafted serialized Java object.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry on TCP port 6099. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.

HP Network Automation automates the entire operational lifecycle of network devices, from configuration to policy-based change management, compliance, and security management. HP Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x are affected.

Trust: 3.33

sources: NVD: CVE-2016-4385 // JVNDB: JVNDB-2016-005047 // ZDI: ZDI-16-523 // CNVD: CNVD-2016-08069 // BID: 93109 // IVD: 1bb1d221-024b-4b31-b820-29a903286677 // VULMON: CVE-2016-4385

IOT TAXONOMY

category: ['IoT', 'ICS'] | sub_category: -

Trust: 0.6

category: ['ICS'] | sub_category: -

Trust: 0.2

sources: IVD: 1bb1d221-024b-4b31-b820-29a903286677 // CNVD: CNVD-2016-08069

AFFECTED PRODUCTS

vendor: hp | model: network automation | scope: eq | version: 9.10

Trust: 2.5

vendor: hp | model: network automation | scope: eq | version: 9.20

Trust: 2.5

vendor: hp | model: network automation | scope: eq | version: 9.22

Trust: 2.5

vendor: hp | model: network automation | scope: eq | version: 10.00

Trust: 1.6

vendor: hp | model: network automation | scope: eq | version: 10.10

Trust: 1.6

vendor: hp | model: network automation | scope: eq | version: 10.00.01

Trust: 1.6

vendor: hp | model: network automation | scope: eq | version: 9.22.02

Trust: 1.6

vendor: hp | model: network automation | scope: eq | version: 9.22.01

Trust: 1.6

vendor: hp | model: network automation | scope: eq | version: 10.00.02

Trust: 1.6

vendor: hp | model: network automation | scope: eq | version: 10.11

Trust: 1.6

vendor: hp | model: network automation | scope: eq | version: 9.10.2

Trust: 0.9

vendor: hp | model: network automation | scope: eq | version: 9.2

Trust: 0.9

vendor: hp | model: network automation | scope: eq | version: 10.1

Trust: 0.9

vendor: hp | model: network automation | scope: eq | version: 10.0

Trust: 0.9

vendor: hewlett packard | model: hp network automation | scope: lt | version: 10.0x

Trust: 0.8

vendor: hewlett packard | model: hp network automation | scope: lt | version: 10.1x

Trust: 0.8

vendor: hewlett packard | model: hp network automation | scope: eq | version: 9.2x

Trust: 0.8

vendor: hewlett packard | model: hp network automation | scope: eq | version: 10.00.02.01

Trust: 0.8

vendor: hewlett packard | model: hp network automation | scope: eq | version: 9.1x

Trust: 0.8

vendor: hewlett packard | model: hp network automation | scope: eq | version: 10.11.00.01

Trust: 0.8

vendor: hewlett packard | model: network automation | scope: - | version: -

Trust: 0.7

vendor: hp | model: network automation | scope: ne | version: 10.20

Trust: 0.3

vendor: hp | model: network automation | scope: ne | version: 10.11

Trust: 0.3

vendor: network automation | model: - | scope: eq | version: 9.10

Trust: 0.2

vendor: network automation | model: - | scope: eq | version: 9.20

Trust: 0.2

vendor: network automation | model: - | scope: eq | version: 9.22

Trust: 0.2

vendor: network automation | model: - | scope: eq | version: 9.22.01

Trust: 0.2

vendor: network automation | model: - | scope: eq | version: 9.22.02

Trust: 0.2

vendor: network automation | model: - | scope: eq | version: 10.00

Trust: 0.2

vendor: network automation | model: - | scope: eq | version: 10.00.01

Trust: 0.2

vendor: network automation | model: - | scope: eq | version: 10.00.02

Trust: 0.2

vendor: network automation | model: - | scope: eq | version: 10.10

Trust: 0.2

vendor: network automation | model: - | scope: eq | version: 10.11

Trust: 0.2

sources: IVD: 1bb1d221-024b-4b31-b820-29a903286677 // ZDI: ZDI-16-523 // CNVD: CNVD-2016-08069 // BID: 93109 // JVNDB: JVNDB-2016-005047 // CNNVD: CNNVD-201609-576 // NVD: CVE-2016-4385

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4385
value: HIGH

Trust: 1.0

NVD: CVE-2016-4385
value: HIGH

Trust: 0.8

ZDI: CVE-2016-4385
value: HIGH

Trust: 0.7

CNVD: CNVD-2016-08069
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201609-576
value: HIGH

Trust: 0.6

IVD: 1bb1d221-024b-4b31-b820-29a903286677
value: HIGH

Trust: 0.2

VULMON: CVE-2016-4385
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4385
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.6

CNVD: CNVD-2016-08069
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 1bb1d221-024b-4b31-b820-29a903286677
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2016-4385
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: IVD: 1bb1d221-024b-4b31-b820-29a903286677 // ZDI: ZDI-16-523 // CNVD: CNVD-2016-08069 // VULMON: CVE-2016-4385 // JVNDB: JVNDB-2016-005047 // CNNVD: CNNVD-201609-576 // NVD: CVE-2016-4385

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2016-005047 // NVD: CVE-2016-4385

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-576

TYPE

other

Trust: 0.8

sources: IVD: 1bb1d221-024b-4b31-b820-29a903286677 // CNNVD: CNNVD-201609-576

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005047

PATCH

title: HPSBGN03649 | url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05279098

Trust: 0.8

title: Hewlett Packard Enterprise has issued an update to correct this vulnerability. | url: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05279098

Trust: 0.7

title: Patch for HP Network Automation Java Deserialization Remote Code Execution Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/81675

Trust: 0.6

title: HPE Network Automation Apache Commons-Collections and Commons-BeanUtils Fixes for library remote code execution vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64297

Trust: 0.6

title: Java-Deserialization-Cheat-Sheet | url: https://github.com/klausware/Java-Deserialization-Cheat-Sheet

Trust: 0.1

title: Java-Deserialization-Cheat-Sheet | url: https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet

Trust: 0.1

title: Java-Deserialization-CVEs | url: https://github.com/PalindromeLabs/Java-Deserialization-CVEs

Trust: 0.1

sources: ZDI: ZDI-16-523 // CNVD: CNVD-2016-08069 // VULMON: CVE-2016-4385 // JVNDB: JVNDB-2016-005047 // CNNVD: CNNVD-201609-576

EXTERNAL IDS

db: NVD | id: CVE-2016-4385

Trust: 4.3

db: BID | id: 93109

Trust: 2.6

db: ZDI | id: ZDI-16-523

Trust: 2.1

db: TENABLE | id: TRA-2016-27

Trust: 1.1

db: CNVD | id: CNVD-2016-08069

Trust: 0.8

db: CNNVD | id: CNNVD-201609-576

Trust: 0.8

db: JVNDB | id: JVNDB-2016-005047

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-3728

Trust: 0.7

db: IVD | id: 1BB1D221-024B-4B31-B820-29A903286677

Trust: 0.2

db: VULMON | id: CVE-2016-4385

Trust: 0.1

sources: IVD: 1bb1d221-024b-4b31-b820-29a903286677 // ZDI: ZDI-16-523 // CNVD: CNVD-2016-08069 // VULMON: CVE-2016-4385 // BID: 93109 // JVNDB: JVNDB-2016-005047 // CNNVD: CNNVD-201609-576 // NVD: CVE-2016-4385

REFERENCES

url:http://www.securityfocus.com/bid/93109

Trust: 2.3

url:http://www.zerodayinitiative.com/advisories/zdi-16-523/

Trust: 1.4

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05279098

Trust: 1.1

url:https://www.tenable.com/security/research/tra-2016-27

Trust: 1.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05279098

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4385

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4385

Trust: 0.8

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05279098

Trust: 0.6

url:http://www.hp.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/502.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=48999

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/grrrdog/java-deserialization-cheat-sheet

Trust: 0.1

sources: ZDI: ZDI-16-523 // CNVD: CNVD-2016-08069 // VULMON: CVE-2016-4385 // BID: 93109 // JVNDB: JVNDB-2016-005047 // CNNVD: CNNVD-201609-576 // NVD: CVE-2016-4385

CREDITS

Jacob Baines - Tenable Network Security

Trust: 1.6

sources: ZDI: ZDI-16-523 // BID: 93109 // CNNVD: CNNVD-201609-576

SOURCES

db: IVD | id: 1bb1d221-024b-4b31-b820-29a903286677
db: ZDI | id: ZDI-16-523
db: CNVD | id: CNVD-2016-08069
db: VULMON | id: CVE-2016-4385
db: BID | id: 93109
db: JVNDB | id: JVNDB-2016-005047
db: CNNVD | id: CNNVD-201609-576
db: NVD | id: CVE-2016-4385

LAST UPDATE DATE

2025-04-13T23:17:51.895000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-16-523 | date: 2016-09-21T00:00:00
db: CNVD | id: CNVD-2016-08069 | date: 2016-09-26T00:00:00
db: VULMON | id: CVE-2016-4385 | date: 2018-02-17T00:00:00
db: BID | id: 93109 | date: 2016-09-23T00:01:00
db: JVNDB | id: JVNDB-2016-005047 | date: 2016-12-05T00:00:00
db: CNNVD | id: CNNVD-201609-576 | date: 2016-09-30T00:00:00
db: NVD | id: CVE-2016-4385 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD | id: 1bb1d221-024b-4b31-b820-29a903286677 | date: 2016-09-26T00:00:00
db: ZDI | id: ZDI-16-523 | date: 2016-09-21T00:00:00
db: CNVD | id: CNVD-2016-08069 | date: 2016-09-26T00:00:00
db: VULMON | id: CVE-2016-4385 | date: 2016-09-29T00:00:00
db: BID | id: 93109 | date: 2016-09-21T00:00:00
db: JVNDB | id: JVNDB-2016-005047 | date: 2016-10-04T00:00:00
db: CNNVD | id: CNNVD-201609-576 | date: 2016-09-23T00:00:00
db: NVD | id: CVE-2016-4385 | date: 2016-09-29T14:59:00.177