## Critical Vulnerability Information

### 1. Vulnerability Attributes

- **Title**: HP Storage Essentials Remote Code Execution via Java deserialization
- **CVE ID**: CVE-2017-10992
- **CVSSv3 Base Score**: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- **Vendor**: HP (www.hp.com)
- **Product**: HP Storage Essentials 9.5.0.142 (possibly other versions)
- **Disclosure Date**: September 19, 2017
- **Disclosure URL**: https://labs.integrity.pt/advisories/cve-2017-10992
- **Discoverer**: Filipe Bernardo

### 2. Vulnerability Summary

HP Storage Essentials version 9.5.0.142 is vulnerable to unauthenticated remote code execution when a Java serialization request is sent to the /invoker/JMXInvokerServlet endpoint.

### 3. Technical Details

HP Storage Essentials exposes a Java web server that deserializes attacker-supplied objects: sending a crafted Java serialization payload to the server endpoint (/invoker/JMXInvokerServlet) results in code execution, with no authentication required. The proof of concept used the Burp extension "Java SerialKiller" to build the serialized command-injection payload.

### 4. Affected Versions

- HP Storage Essentials version 9.5.0.142 (possibly other versions)

### 5. Solution

The HP team responded via email stating that this version is no longer receiving updates, and therefore no fix is available. See "6. Workarounds".

### 6. Workarounds

- Ensure all access to management pages is controlled by access control lists.
- Contact HP for support.

### 7. Vulnerability Timeline

- May 18, 2017 - Contacted vendor, reported vulnerability
- May 23, 2017 - Vendor responded via email, internal ticket PSRT110461
- May 29, 2017 - Inquired for more details; vendor replied that details were forwarded to internal product engineering
- June 19, 2017 - Follow-up inquiry; vendor replied that the product team is still analyzing
- July 7, 2017 - Vendor responded that the product is no longer supported and the product team will not fix the issue
- July 7, 2017 - Emailed MITRE for a CVE ID, received CVE-2017-10992
- September 19, 2017 - Vulnerability advisory published

### 8. References

- https://softwaresupport.hpe.com/document/-/facetsearch/document/KM01178963
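Since no patch exists, the practical defence is the ACL workaround in section 6 plus monitoring for any reach of the /invoker/JMXInvokerServlet endpoint from outside the management network. The following script is an added example, not part of the advisory: it parses constructed Common Log Format access-log lines and flags invoker requests whose source address is outside an assumed management allowlist (`ALLOWED_NETS` is a placeholder to adjust per site).

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample access-log lines (Common Log Format); not taken from the advisory.
SAMPLE_LOG = """\
10.20.0.5 - - [19/Sep/2017:10:01:02 +0000] "GET /login HTTP/1.1" 200 1532
203.0.113.7 - - [19/Sep/2017:10:01:05 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 812
10.20.0.9 - - [19/Sep/2017:10:02:11 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 812
198.51.100.4 - - [19/Sep/2017:10:03:44 +0000] "GET /invoker/JMXInvokerServlet?x=1 HTTP/1.1" 500 233
"""

# Management networks permitted to reach the invoker endpoint (assumed; adjust per site).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Endpoint named in the advisory.
INVOKER_PATH = "/invoker/JMXInvokerServlet"

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line: str) -> Dict[str, str]:
    """Split one CLF line into source, timestamp, method, path and status."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsable log line: {line!r}")
    return m.groupdict()


def is_allowed_source(src: str) -> bool:
    """True when the client address falls inside a management network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_NETS)


def find_invoker_hits(log_text: str) -> List[Dict[str, str]]:
    """Return every invoker-servlet request made from outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Compare the path without its query string so ?x=1 variants are still caught.
        if rec["path"].split("?", 1)[0] != INVOKER_PATH:
            continue
        if not is_allowed_source(rec["src"]):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_invoker_hits(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} {hit['method']} {hit['path']} -> {hit['status']}")
```

Any hit from a non-management address means the ACL workaround is not actually in force for that path, regardless of the HTTP status returned.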