HP OpenView Network Node Manager Remote Execution of Arbitrary Code (HPSBMA02621 SSRT100352)

critical Nessus Plugin ID 51645

Plugin Details

Severity: Critical

ID: 51645

File Name: openview_nnm_execvp_nc.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 1/21/2011

Updated: 1/19/2021

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 1/10/2011

Vulnerability Publication Date: 7/20/2010

Exploitable With

Core Impact

Metasploit (HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow)

Reference Information

CVE: CVE-2010-2703, CVE-2011-0261, CVE-2011-0262, CVE-2011-0263, CVE-2011-0264, CVE-2011-0265, CVE-2011-0266, CVE-2011-0267, CVE-2011-0268, CVE-2011-0269, CVE-2011-0270, CVE-2011-0271

BID: 41829, 45762

EDB-ID: 17028, 17038