HP OpenView Network Node Manager 'execvp_nc()' Code Execution Vulnerability Network Vulnerability

Summary

HP OpenView Network Node Manager (OV NNM) is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM- level privileges. Successful exploits will completely compromise affected computers. The issue affects HP OpenView Network Node Manager versions 7.51 and 7.53 running on the Windows platform.

Solution

Updates are available. Please see the references for details.

References

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286088
http://www.exploit-db.com/moaub-6-hp-openview-nnm-webappmon-exe-execvp_nc-remote-code-execution/
http://www.securityfocus.com/archive/1/512543
http://www.zerodayinitiative.com/advisories/ZDI-10-137/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+ZDI-Published-Advisories+%28Zero+Day+Initiative+Published+Advisories%29
https://www.securityfocus.com/bid/41829

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2703

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
b2Evolution title SQL Injection
AstroSPACES profile.php SQL Injection Vulnerability

Take action and discover your vulnerabilities