CVE-2017-5816

CRITICAL

HPE Intelligent Management Center < 7.3 - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-5816. PoCs published by Metasploit, Chris Lyne, sztivi, Chris Lyne, bcoles, including Metasploit module exploits/windows/misc/hp_imc_dbman_restartdb_unauth_rce.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated remote command execution vulnerability in HPE iMC's dbman service by injecting arbitrary commands via unsanitized database instance IDs. It leverages OpCode 10008 to restart a database instance, allowing SYSTEM-level command execution.

Description

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/43493

This Metasploit module exploits an unauthenticated remote command execution vulnerability in HPE iMC's dbman service by injecting arbitrary commands via unsanitized database instance IDs. It leverages OpCode 10008 to restart a database instance, allowing SYSTEM-level command execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Hewlett Packard Enterprise Intelligent Management Center before 7.3 E0504P04
No auth needed
Prerequisites: Network access to TCP port 2810 · Target running vulnerable HPE iMC version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Chris Lyne · pythonremotewindows
https://www.exploit-db.com/exploits/43198

This exploit leverages a command injection vulnerability in HP iMC PLAT 7.2 via opcode 10008 in the dbman service. It constructs a malicious ASN.1 message to inject a command that writes the output of 'whoami' to a file.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP iMC PLAT v7.2 (E0403) Standard
No auth needed
Prerequisites: Network access to the target's dbman service on port 2810
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by sztivi, Chris Lyne, bcoles · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_imc_dbman_restartdb_unauth_rce.rb

This Metasploit module exploits an unauthenticated RCE vulnerability in HPE iMC's dbman service by sending a crafted RestartDB packet with an unsanitized database instance ID, allowing arbitrary command execution as SYSTEM.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HPE Intelligent Management Center (iMC) before 7.3 E0504P04
No auth needed
Prerequisites: Network access to TCP port 2810 · Target running vulnerable HPE iMC version
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038478
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43198/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100470
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43493/

Scores

CVSS v3 9.8
EPSS 0.8675
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
hp/intelligent_management_center 7.3 (3 CPE variants)
hp/intelligent_management_center < 7.3
Published Feb 15, 2018
Tracked Since Feb 18, 2026