Vulnerability CVE-2010-1553


Published: 2010-05-13   Modified: 2012-02-13

Description:
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.

See advisories in our WLB2 database:
Topic
Author
Date
High
HP OpenView Network Node Manager Arbitrary Code
HP
24.05.2010
High
HP OpenView Network Node Manager getnnmdata.exe (MaxAge) CGI Buffer Overflow
metasploit
28.03.2011

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: HP
Product: Openview network node manager 
Version:
7.53
7.51
7.0.1

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://marc.info/?l=bugtraq&m=127360750704351&w=2
http://securityreason.com/securityalert/8153
http://www.securityfocus.com/archive/1/511241/100/0/threaded
http://zerodayinitiative.com/advisories/ZDI-10-084/

Related CVE
CVE-2019-5407
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5406
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5405
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5404
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5403
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5402
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5401
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). B...
CVE-2019-3485
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1

Copyright 2019, cxsecurity.com

 

Back to Top