CVE-2017-12557
Description
Unauthenticated Java deserialization in HPE iMC PLAT before 7.3 E0504P2 allows remote code execution as SYSTEM via the WebDMDebugServlet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated Java deserialization in HPE iMC PLAT before 7.3 E0504P2 allows remote code execution as SYSTEM via the WebDMDebugServlet.
Vulnerability
CVE-2017-12557 is a remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier. The flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can lead to deserialization of untrusted data. Attackers can send crafted serialized Java objects to the servlet, leading to arbitrary code execution. [1]
Exploitation
Authentication is not required to exploit this vulnerability. An attacker with network access to the iMC server can send a malicious serialized Java object to the WebDMDebugServlet endpoint. Metasploit module HP Intelligent Management Java Deserialization RCE leverages the ysoserial JSON1 payload to trigger the deserialization and execute arbitrary commands. The exploit is rated as ExcellentRanking by the Metasploit framework. [1]
Impact
Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code in the context of the SYSTEM account. This grants full control over the affected iMC server, including the ability to install programs, modify data, or create new accounts with full user rights. The impact is total compromise of the application and underlying host. [1]
Mitigation
HPE has released a fix. The vulnerability is addressed in HPE iMC PLAT version 7.3 E0504P3 and later. Users should upgrade to this or a newer version. If upgrading is not immediately possible, network access to the WebDMDebugServlet endpoints (8080, 8443) should be restricted. The vulnerability is publicly documented in the Zero Day Initiative advisory ZDI-17-832. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Hewlett Packard Enterprise/intelligent Management Center (iMC) PLATv5Range: IMC Plat 7.3 E0504P2 and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Lack of proper validation of user-supplied data allows deserialization of untrusted Java objects in WebDMDebugServlet."
Attack vector
An unauthenticated remote attacker sends a crafted POST request containing a serialized Java object to the `/imc/topo/WebDMDebugServlet` endpoint [ref_id=1]. The application deserializes the untrusted data without validation, which can trigger a chain of Java gadgets (ysoserial JSON1 payload) that ultimately executes arbitrary code [ref_id=1]. The exploit runs in the context of SYSTEM on the Windows host, and no authentication is required [ref_id=1].
Affected code
The vulnerability resides in the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default within HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier [ref_id=1]. The specific flaw is the lack of proper validation of user-supplied data sent to this servlet [ref_id=1].
What the fix does
The advisory does not include a patch diff or specific remediation code. HPE's recommended fix is to upgrade to a version newer than IMC Plat 7.3 E0504P2 [ref_id=1]. The underlying issue is the absence of input validation on deserialized data in WebDMDebugServlet, so a proper fix would involve either removing the servlet, adding a deserialization whitelist, or implementing authentication and integrity checks on incoming serialized streams [ref_id=1].
Preconditions
- authNo authentication required
- configTarget must be HPE IMC PLAT version 7.3 E0504P2 or earlier
- networkAttacker must be able to send HTTP POST requests to port 8080 or 8443
- inputAttacker must supply a crafted Java serialized object as the POST body
Reproduction
The public exploit at Exploit-DB (45952) is a Metasploit module. To reproduce: 1) Start msfconsole and `use exploit/multi/http/hp_imc_webdmdeserialization` (or load the module from the provided source). 2) Set `RHOSTS` to the target IP and `RPORT` to 8080 (or 8443). 3) Set `TARGETURI` to `/imc`. 4) Run `check` to verify the vulnerability via a synchronous sleep deserialization test. 5) Run `exploit` to deliver a ysoserial JSON1 payload that executes arbitrary commands as SYSTEM [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- www.exploit-db.com/exploits/45952/mitreexploitx_refsource_EXPLOIT-DB
- www.securityfocus.com/bid/101152mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1039495mitrevdb-entryx_refsource_SECTRACK
- support.hpe.com/hpsc/doc/public/displaymitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.