CVE-2016-2009
high
CVSS v3
8.8
CVSS v2
6.5
VIR risk
8.8
Description
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| hp | network_node_manager_i | 9.20 | |
| hp | network_node_manager_i | 9.23 | |
| hp | network_node_manager_i | 9.24 | |
| hp | network_node_manager_i | 9.25 | |
| hp | network_node_manager_i | 10.00 | |
| hp | network_node_manager_i | 10.01 | |
References
CWEs
CWE-284
Verify integrity in audit chain (admin only). AS-IS.