CVE-2016-4377 — HIGH (8.1) — White Hats Nepal

Q: How severe is CVE-2016-4377?

CVE-2016-4377 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4377?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Converged Infrastructure Solution Sizer Suite, Hp Insight Management Sizer, Hp Power Advisor, Hp Sap Sizing Tool, Hp Sizer For Converged Systems Virtualization.

Vulnerability Description

HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	Converged Infrastructure Solution Sizer Suite	<= 2.13.0
Hp	Insight Management Sizer	<= 16.12.0
Hp	Power Advisor	<= 7.8.1
Hp	Sap Sizing Tool	<= 16.12.0
Hp	Sizer For Converged Systems Virtualization	<= 16.7.0
Hp	Sizer For Microsoft Exchange Server 2010	<= 16.12.0
Hp	Sizer For Microsoft Exchange Server 2013	<= 16.12.0
Hp	Sizer For Microsoft Exchange Server 2016	<= 16.12.0
Hp	Sizer For Microsoft Lync Server 2013	<= 16.12.0
Hp	Sizer For Microsoft Sharepoint 2010	<= 16.11.0
Hp	Sizer For Microsoft Sharepoint 2013	<= 16.13.0
Hp	Sizer For Microsoft Skype For Business Server 2015	<= 16.5.0
Hp	Sizing Tool For Sap Business Suite Powered By Hana	<= 16.11.0
Hp	Storage Sizing Tool	<= 13.0
Hp	Synergy Planning Tool	<= 3.2

References

http://www.securityfocus.com/bid/92479
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578MitigationVendor Advisory
http://www.securityfocus.com/bid/92479
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578MitigationVendor Advisory

FAQ

What is CVE-2016-4377?

CVE-2016-4377 is a vulnerability with a CVSS score of 8.1 (HIGH). HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy P...

How severe is CVE-2016-4377?

CVE-2016-4377 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4377?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Converged Infrastructure Solution Sizer Suite, Hp Insight Management Sizer, Hp Power Advisor, Hp Sap Sizing Tool, Hp Sizer For Converged Systems Virtualization.