HPE Network Node Manager i (NNMi) Multiple Vulnerabilities (HPESBGN03762)

Critical Nessus Plugin ID 101297


An application installed on the remote Windows host is affected by multiple vulnerabilities.


The version of HPE Network Node Manager i (NNMi) installed on the remote Windows host is 10.0x prior to 10.00 Patch 5, 10.1x prior to 10.10 Patch 4, or 10.2x prior to 10.20 Patch 3. It is, therefore, affected by multiple vulnerabilities that allow an unauthenticated, remote attacker to execute arbitrary code, bypass security restrictions, and perform unauthorized actions.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Upgrade to HPE Network Node Manager i version 10.00 Patch 5 / 10.10 Patch 4 / 10.20 Patch 3 or later.

See Also


Plugin Details

Severity: Critical

ID: 101297

File Name: hp_nnmi_HPESBGN03762.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2017/07/07

Modified: 2017/08/15

Dependencies: 70145

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 9.8

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:hp:network_node_manager_i

Required KB Items: installed_sw/HP Network Node Manager i, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/06/30

Vulnerability Publication Date: 2017/06/26

Reference Information

CVE: CVE-2017-8948

BID: 99342

OSVDB: 159918

HP: HPESBGN03762, emr_na-hpesbgn03762en_us

IAVA: 2017-A-0193