HPE Network Node Manager任意命令执行漏洞(CVE-2016-2009)


HPE Network Node Manager任意命令执行漏洞(CVE-2016-2009)


发布日期:2016-05-07
更新日期:2016-05-09

受影响系统:

HP Network Node Manager i 9.25
HP Network Node Manager i 9.24
HP Network Node Manager i 9.23
HP Network Node Manager i 9.20
HP Network Node Manager i 10.01
HP Network Node Manager i 10.00

描述:

CVE(CAN) ID: CVE-2016-2009

HP Network Node Manager i-series (NNMi)软件可提供强大的开箱即用功能,帮助您的网络运行团队高效管理任意规模的网络。

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, 10.01存在任意命令执行漏洞, 可使经身份验证的远程用户通过构造的序列化Java对象, 执行任意命令。

<*来源:HP
 
  链接:https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05103564
*>

建议:

厂商补丁:

HP
--
HP已经为此发布了一个安全公告(HPSBMU03584)以及相应补丁:
HPSBMU03584:HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities
链接:https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05103564

补丁下载:


NNMi version 9.2x

注意:要求安装 9.2x series patch 5

Windows

https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM02020463

Linux

https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/NNM920L_00022

HP-UX

https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/NNM920H_00022

Solaris

https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM02020460

NNMi version 10.0x

Windows

https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01865498

Linux

https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01865484

本文永久更新链接地址

相关内容