Vulnerability Details : CVE-2016-4377
HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2016-4377
Probability of exploitation activity in the next 30 days: 1.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-4377
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST |
|
8.1
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
References for CVE-2016-4377
-
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578
HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code ExecutionMitigation;Vendor Advisory
-
http://www.securityfocus.com/bid/92479
Multiple HP Products CVE-2016-4377 Unspecified Remote Code Execution Vulnerability
Products affected by CVE-2016-4377
- cpe:2.3:a:hp:sizer_for_microsoft_skype_for_business_server_2015:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sizer_for_microsoft_sharepoint_2010:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sizer_for_microsoft_sharepoint_2013:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sizer_for_microsoft_lync_server_2013:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sizer_for_microsoft_exchange_server_2010:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sizer_for_microsoft_exchange_server_2013:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sizer_for_microsoft_exchange_server_2016:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sizer_for_converged_systems_virtualization:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sizing_tool_for_sap_business_suite_powered_by_hana:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:sap_sizing_tool:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:synergy_planning_tool:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:insight_management_sizer:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:power_advisor:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:converged_infrastructure_solution_sizer_suite:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:storage_sizing_tool:*:*:*:*:*:*:*:*