Executive Summary
| Summary | |
|---|---|
| Title | HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code |
| Informations | |||
|---|---|---|---|
| Name | HPSBMU02712 SSRT100649 | First vendor Publication | 2011-11-01 |
| Vendor | HP | Last vendor Modification | 2011-11-01 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server. |
Original Source
| Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03054052 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
SAINT Exploits
| Description | Link |
|---|---|
| HP OpenView Network Node Manager OVBuildPath Overflow | More info here |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-12-14 | Name : HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities File : nvt/gb_hp_openview_nnm_50471.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 76775 | HP OpenView Network Node Manager Unspecified Remote Code Execution (2011-3167) HP OpenView Network Node Manager contains an unspecified flaw that may allow a remote attacker to execute arbitrary code. No further details have been provided. |
| 76774 | HP OpenView Network Node Manager Unspecified Remote Code Execution (2011-3166) HP OpenView Network Node Manager contains an unspecified flaw that may allow a remote attacker to execute arbitrary code. No further details have been provided. |
| 76773 | HP OpenView Network Node Manager Unspecified Remote Code Execution (2011-3165) HP OpenView Network Node Manager contains an unspecified flaw that may allow a remote attacker to execute arbitrary code. No further details have been provided. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2011-11-10 | IAVM : 2011-B-0138 - Multiple Vulnerabilities in HP OpenView Network Node Manager Severity : Category I - VMSKEY : V0030610 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-11-16 | Hp OpenView CGI parameter buffer overflow attempt RuleID : 31375 - Revision : 3 - Type : SERVER-WEBAPP |
| 2014-03-06 | HP OpenView CGI parameter buffer overflow attempt RuleID : 29502 - Revision : 3 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView CGI parameter buffer overflow attempt RuleID : 24693 - Revision : 7 - Type : SERVER-WEBAPP |
| 2014-01-10 | HP OpenView CGI parameter buffer overflow attempt RuleID : 16674 - Revision : 16 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-03-28 | Name : The version of HP Network Node Manager running on the remote host is affected... File : hp_nnm_multiple_code_execution.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:38:18 |
|
