PT-2010-3226 · Hewlett Packard · Hp Openview Network Node Manager
Mc
·
Published
2010-05-11
·
Updated
2018-10-10
·
CVE-2010-1553
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
HP OpenView Network Node Manager versions 7.01, 7.51, and 7.53
Description
The issue is related to a stack-based buffer overflow in the getnnmdata.exe component. This occurs when an invalid
MaxAge parameter is provided, allowing remote attackers to execute arbitrary code.Recommendations
For HP OpenView Network Node Manager version 7.01, update to a version that fixes the issue.
For HP OpenView Network Node Manager version 7.51, update to a version that fixes the issue.
For HP OpenView Network Node Manager version 7.53, update to a version that fixes the issue.
As a temporary workaround, consider restricting access to the getnnmdata.exe component to minimize the risk of exploitation. Avoid using an invalid
MaxAge parameter in the affected CGI endpoint until the issue is resolved.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hp Openview Network Node Manager