HP OpenView Network Node Manager Multiple Vulnerabilities

Critical Nessus Plugin ID 42879


A database service on the remote Windows host is affected by multiple vulnerabilities.


The version of HP OpenView Network Node Manager (NNM) installed on the remote Windows host is affected by multiple vulnerabilities :

- The embedded DB service is affected by a denial of service vulnerability that is triggered when it receives a packet with an error code of less than -1. An unauthenticated, remote attacker can exploit this to crash the service. (CVE-2009-3840)

- An unspecified flaw exists that allows an unauthenticated, remote attacker to execute arbitrary code. No other details are available. (CVE-2010-2710)

This plugin only checks OpenView NNM running on Windows, though other platforms are affected.


Apply the patch referenced in the vendor advisory.

See Also



Plugin Details

Severity: Critical

ID: 42879

File Name: hp_nnm_soliddb_dos.nasl

Version: $Revision: 1.12 $

Type: local

Agent: windows

Family: Windows

Published: 2009/11/24

Modified: 2016/11/18

Dependencies: 13855, 10456

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C


Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:hp:openview_network_node_manager

Required KB Items: SMB/login, SMB/password, SMB/name, SMB/transport, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/11/17

Vulnerability Publication Date: 2009/11/17

Reference Information

CVE: CVE-2009-3840, CVE-2010-2710

BID: 37046, 42636

OSVDB: 60200, 67328

Secunia: 37376

HP: emr_na-c01926980, HPSBMA02477, SSRT090177

EDB-ID: 10176