CVE-2024-13980: CWE-502 Deserialization of Untrusted Data in H3C Group Intelligent Management Center (iMC)
H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters, potentially leading to arbitrary command execution. This flaw does not require authentication and may be exploited without session cookies. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-28 UTC.
AI Analysis
Technical Summary
H3C Intelligent Management Center (iMC) versions up to E0632H07 contain a remote command execution vulnerability due to improper deserialization of untrusted data (CWE-502) in the JSF ViewState parameter at the /byod/index.xhtml endpoint. Attackers can exploit this by sending forged POST requests with manipulated javax.faces.ViewState values without needing authentication or session cookies. This vulnerability allows arbitrary command execution on the affected system. The affected version range is not fully defined beyond 'up to E0632H07'. The vulnerability has a CVSS 4.0 base score of 10.0, indicating critical severity. No known exploits in the wild have been reported, and no patches or vendor advisories are currently available.
Potential Impact
Successful exploitation results in unauthenticated remote command execution on vulnerable H3C iMC systems, potentially allowing full system compromise. The vulnerability affects versions up to E0632H07 and does not require any user interaction or credentials. This represents a critical security risk for affected deployments.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the /byod/index.xhtml endpoint and monitor for suspicious POST requests with unusual javax.faces.ViewState parameters. Consider network-level controls to limit exposure of the iMC management interface to trusted administrators only.
CVE-2024-13980: CWE-502 Deserialization of Untrusted Data in H3C Group Intelligent Management Center (iMC)
Description
H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters, potentially leading to arbitrary command execution. This flaw does not require authentication and may be exploited without session cookies. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-28 UTC.
CVSS v4.0
Score 10.0critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
H3C Intelligent Management Center (iMC) versions up to E0632H07 contain a remote command execution vulnerability due to improper deserialization of untrusted data (CWE-502) in the JSF ViewState parameter at the /byod/index.xhtml endpoint. Attackers can exploit this by sending forged POST requests with manipulated javax.faces.ViewState values without needing authentication or session cookies. This vulnerability allows arbitrary command execution on the affected system. The affected version range is not fully defined beyond 'up to E0632H07'. The vulnerability has a CVSS 4.0 base score of 10.0, indicating critical severity. No known exploits in the wild have been reported, and no patches or vendor advisories are currently available.
Potential Impact
Successful exploitation results in unauthenticated remote command execution on vulnerable H3C iMC systems, potentially allowing full system compromise. The vulnerability affects versions up to E0632H07 and does not require any user interaction or credentials. This represents a critical security risk for affected deployments.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the /byod/index.xhtml endpoint and monitor for suspicious POST requests with unusual javax.faces.ViewState parameters. Consider network-level controls to limit exposure of the iMC management interface to trusted administrators only.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2025-08-25T18:56:50.272Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69a979570e5bba37cad8c287
Added to database: 3/5/2026, 12:38:47 PM
Last enriched: 5/16/2026, 9:15:35 AM
Last updated: 6/3/2026, 5:09:12 PM
Views: 137
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.