HP OpenView Network Node Manager Multiple Code Execution Vulnerabilities (HPSBMU02712 SSRT100649)

critical Nessus Plugin ID 58516
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 7.4


The version of HP Network Node Manager running on the remote host is affected by multiple code execution vulnerabilities.


The installed version of HP Network Node Manager is affected by the following vulnerabilities :

- A remote code execution vulnerability exists because the 'nnmRptConfig.exe' CGI application does not adequately validate user-supplied input. (CVE-2011-3165)

- A remote code execution vulnerability exists within ov.dll. Insufficient boundary checking before supplying the value to a format string within _OVBuildPath can cause a stack overflow, leading to memory corruption, which could allow an attacker to execute arbitrary code within the context of the target service. (CVE-2011-3166)

- A remote code execution vulnerability exists within the webappmon.exe CGI program. The vulnerability is due an insufficient boundary check before supplying a format string with the values. This causes a stack overflow, which can lead to memory corruption that can be exploited to execute arbitrary code within the context of the target service. (CVE-2011-3167)


Upgrade to B.07.53 Patchlevel NNM_01213 or its equivalent.

See Also






Plugin Details

Severity: Critical

ID: 58516

File Name: hp_nnm_multiple_code_execution.nasl

Version: 1.12

Type: remote

Published: 3/28/2012

Updated: 11/15/2018

Dependencies: hp_nnm_detect.nbin

Risk Information

Risk Factor: Critical

VPR Score: 7.4

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:openview_network_node_manager, cpe:/a:hp:openview_network_node_manager

Required KB Items: hp/hp_nnm

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/1/2011

Vulnerability Publication Date: 11/1/2011

Exploitable With

Metasploit (HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow)

Reference Information

CVE: CVE-2011-3165, CVE-2011-3166, CVE-2011-3167

BID: 50471, 51049