PT-2016-7500 · Hewlett Packard · Hpe Network Automation

Published

2016-11-30

Updated

2018-03-13

CVE-2016-8511

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE Network Automation versions v9.1x through v10.20

Description A Remote Code Execution issue was found in HPE Network Automation, related to the use of RPCServlet and Java Deserialization.

Recommendations For versions v9.1x through v10.20, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the RPCServlet to minimize the risk of exploitation.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2016-8511

ZDI-16-616

Affected Products

Hpe Network Automation

PT-2016-7500 · Hewlett Packard · Hpe Network Automation

CVE-2016-8511

Weakness Enumeration

Related Identifiers

Affected Products

References · 6