APP: HPE Network Automation RMI Registry Insecure Deserialization
This signature detects attempts to exploit a known vulnerability in the RMI registry of HPE Network Automation. Successful exploitation would result in the execution of arbitrary code under the context of the RMI registry process.
Extended Description
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.
Affected Products
Hp network_automation
Short Name
APP:HPE-NA-RMI-DESER
Severity
Major
Recommended
False
Recommended Action
None
Category
APP
Keywords
Automation CVE-2016-4385 Deserialization HPE Insecure Network RMI Registry
Release Date
10/06/2016
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3647
Port
TCP/6099,9999
False Positive
Rarely
Vendors
Hp
CVSS Score
7.5