Arbitrary code execution - CVE-2016-4377

Published: October 11, 2016


Vulnerability identifier: #VU829
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4377
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists in HPE Enterprise Solution Sizers and Storage Sizer running Smart Update and lets an attacker cause arbitrary code to be executed.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

How to mitigate CVE-2016-4377

Update HPE Storage Sizer to version 13.0 or later.
Update Converged Infrastructure Solution Sizer Suite (CISSS) to version 2.13.1 or later.
Update HPE Insight Management Sizer to version 16.12.1 or later.
Update HPE Power Advisor to version 7.8.2 or later.
Update HPE Synergy Planning Tool to version 3.3 or later.
Update HPE SAP Sizing Tool to version 16.12.1 or later.
Update HPE Sizing Tool for SAP Business Suite powered By HANA to version 16.11.1 or later.
Update HPE Sizer for ConvergedSystems Virtualization to version 16.7.1 or later.
Update HPE Sizer for Microsoft Exchange Server 2016 to version 16.12.1 or later.
Update HPE Sizer for Microsoft Exchange Server 2013 to version 16.12.1 or later.
Update HPE Sizer for Microsoft Exchange Server 2010 to version 16.12.1 or later.
Update HPE Sizer for Microsoft Lync Server 2013 to version 16.12.1 or later.
Update HPE Sizer for Microsoft SharePoint 2013 to version 16.13.1 or later.
Update HPE Sizer for Microsoft SharePoint 2010 to version 16.11.1 or later.
Update HPE Sizer for Microsoft Skype for Business Server 2015 to version 16.5.1 or later.
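The fixed versions above are the only concrete data the advisory gives a defender to act on. The following script is an added example (not part of the advisory and not HPE's code) that turns that list into an inventory check: it compares installed versions against the first fixed version of each product and flags anything older. The fixed versions are copied from the list above; the installed versions in SAMPLE_INVENTORY are constructed for illustration. It compares versions numerically and pads shorter versions with zeros, so "16.7.1" is correctly treated as older than "16.12.1" (a plain string comparison gets this wrong) and "13" is treated as equal to "13.0".

```python
"""Audit installed HPE sizer versions against the fixed versions from CVE-2016-4377."""
import re
from typing import Dict, Tuple

# First fixed version per product, as listed in the advisory above.
FIXED_VERSIONS: Dict[str, str] = {
    "HPE Storage Sizer": "13.0",
    "Converged Infrastructure Solution Sizer Suite (CISSS)": "2.13.1",
    "HPE Insight Management Sizer": "16.12.1",
    "HPE Power Advisor": "7.8.2",
    "HPE Synergy Planning Tool": "3.3",
    "HPE SAP Sizing Tool": "16.12.1",
    "HPE Sizing Tool for SAP Business Suite powered By HANA": "16.11.1",
    "HPE Sizer for ConvergedSystems Virtualization": "16.7.1",
    "HPE Sizer for Microsoft Exchange Server 2016": "16.12.1",
    "HPE Sizer for Microsoft Exchange Server 2013": "16.12.1",
    "HPE Sizer for Microsoft Exchange Server 2010": "16.12.1",
    "HPE Sizer for Microsoft Lync Server 2013": "16.12.1",
    "HPE Sizer for Microsoft SharePoint 2013": "16.13.1",
    "HPE Sizer for Microsoft SharePoint 2010": "16.11.1",
    "HPE Sizer for Microsoft Skype for Business Server 2015": "16.5.1",
}

# Constructed sample inventory (product -> installed version); not real data.
SAMPLE_INVENTORY: Dict[str, str] = {
    "HPE Power Advisor": "7.8.1",                 # older than 7.8.2 -> update required
    "HPE Storage Sizer": "13",                    # equal to 13.0 -> fixed
    "HPE Insight Management Sizer": "16.12.1",    # exactly the fixed version -> fixed
    "HPE Sizer for Microsoft SharePoint 2013": "16.7.1",  # older than 16.13.1 -> update required
    "Some Unrelated Tool": "1.0",                 # not covered by the advisory
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a version string such as '16.12.1' into a tuple of ints (16, 12, 1).

    Any run of digits counts as a component, so '16.12.1 build 5' becomes (16, 12, 1, 5).
    """
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version components in {text!r}")
    return tuple(int(p) for p in parts)


def version_lt(a: Tuple[int, ...], b: Tuple[int, ...]) -> bool:
    """True if version tuple a is strictly older than b.

    Shorter tuples are padded with zeros so that (13,) == (13, 0) rather than (13,) < (13, 0).
    """
    width = max(len(a), len(b))
    a_padded = a + (0,) * (width - len(a))
    b_padded = b + (0,) * (width - len(b))
    return a_padded < b_padded


def is_vulnerable(product: str, installed: str) -> bool:
    """True if the installed version of a product named in the advisory is older than the fix."""
    fixed = FIXED_VERSIONS[product]  # KeyError for products the advisory does not cover
    return version_lt(parse_version(installed), parse_version(fixed))


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Classify each inventory entry as 'update required', 'fixed', or 'not in advisory'."""
    report: Dict[str, str] = {}
    for product, installed in inventory.items():
        if product not in FIXED_VERSIONS:
            report[product] = "not in advisory"
        elif is_vulnerable(product, installed):
            report[product] = "update required"
        else:
            report[product] = "fixed"
    return report


if __name__ == "__main__":
    for product, status in audit(SAMPLE_INVENTORY).items():
        print(f"{status:16} {product} ({SAMPLE_INVENTORY[product]})")
```

Feed `audit()` a mapping built from whatever inventory source you actually have (a software-asset export, the Windows uninstall registry keys, or a package list); the product names must match the advisory's names exactly, so normalise them first if your inventory tool abbreviates them.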

Sources