HP OpenView Network Node Manager 'execvp_nc()' Code Execution Vulnerability Network Vulnerability

Summary

HP OpenView Network Node Manager (OV NNM) is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM- level privileges. Successful exploits will completely compromise affected computers. The issue affects HP OpenView Network Node Manager versions 7.51 and 7.53 running on the Windows platform.

Solution

Updates are available. Please see the references for details.

References

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286088
http://www.exploit-db.com/moaub-6-hp-openview-nnm-webappmon-exe-execvp_nc-remote-code-execution/
http://www.securityfocus.com/archive/1/512543
http://www.zerodayinitiative.com/advisories/ZDI-10-137/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+ZDI-Published-Advisories+%28Zero+Day+Initiative+Published+Advisories%29
https://www.securityfocus.com/bid/41829

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2703
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache Tomcat /servlet Cross Site Scripting
Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
Arkeia Appliance Path Traversal Vulnerability
Admin News Tools Multiple Vulnerabilities
ApPHP MicroBlog Remote Code Execution Vulnerability

Take action and discover your vulnerabilities