This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The version of HP Network Node Manager running on the remote host is
affected by multiple code execution vulnerabilities.
The installed version of HP Network Node Manager is affected by the
following vulnerabilities :
- A remote code execution vulnerability exists because
the 'nnmRptConfig.exe' CGI application does not
adequately validate user-supplied input. (CVE-2011-3165)
- A remote code execution vulnerability exists within
ov.dll. Insufficient boundary checking before supplying
the value to a format string within _OVBuildPath can
cause a stack overflow, leading to memory corruption,
which could allow an attacker to execute arbitrary code
within the context of the target service. (CVE-2011-3166)
- A remote code execution vulnerability exists within the
webappmon.exe CGI program. The vulnerability is due an
insufficient boundary check before supplying a format
string with the values. This causes a stack overflow,
which can lead to memory corruption that can be
exploited to execute arbitrary code within the context
of the target service. (CVE-2011-3167)
See also :
Upgrade to B.07.53 Patchlevel NNM_01213 or its equivalent.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Family: Gain a shell remotely
Nessus Plugin ID: 58516 ()
Bugtraq ID: 5047151049
CVE ID: CVE-2011-3165CVE-2011-3166CVE-2011-3167
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.