HP OpenView Network Node Manager Remote Execution of Arbitrary Code (HPSBMA02621 SSRT100352)

Critical Nessus Plugin ID 51645

Plugin Details

Severity: Critical

ID: 51645

File Name: openview_nnm_execvp_nc.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 2011/01/21

Updated: 2018/11/15

Dependencies: 10107

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: false

Exploit Ease: No exploit is required

Patch Publication Date: 2011/01/10

Vulnerability Publication Date: 2010/07/20

Exploitable With

Core Impact

Metasploit (HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow)

Reference Information

CVE: CVE-2010-2703, CVE-2011-0261, CVE-2011-0262, CVE-2011-0263, CVE-2011-0264, CVE-2011-0265, CVE-2011-0266, CVE-2011-0267, CVE-2011-0268, CVE-2011-0269, CVE-2011-0270, CVE-2011-0271

BID: 41829, 45762

EDB-ID: 17028, 17038