Summary
HP OpenView Network Node Manager is prone to multiple remote code- execution vulnerabilities.
Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user running the application's webserver.
Failed exploit attempts will likely result in denial-of-service conditions.
OpenView Network Node Manager 7.51 and 7.53 are vulnerable.
Solution
Updates are available. Please see the references for details.
References
- http://openview.hp.com/
- http://www.securityfocus.com/archive/1/515628
- http://www.zerodayinitiative.com/advisories/ZDI-11-003/
- http://www.zerodayinitiative.com/advisories/ZDI-11-004/
- http://www.zerodayinitiative.com/advisories/ZDI-11-005/
- http://www.zerodayinitiative.com/advisories/ZDI-11-006/
- http://www.zerodayinitiative.com/advisories/ZDI-11-007/
- http://www.zerodayinitiative.com/advisories/ZDI-11-008/
- http://www.zerodayinitiative.com/advisories/ZDI-11-009/
- http://www.zerodayinitiative.com/advisories/ZDI-11-010/
- http://www.zerodayinitiative.com/advisories/ZDI-11-011/
- http://www.zerodayinitiative.com/advisories/ZDI-11-012/
- https://www.securityfocus.com/bid/45762
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-0261, CVE-2011-0262, CVE-2011-0263, CVE-2011-0264, CVE-2011-0265, CVE-2011-0266, CVE-2011-0267, CVE-2011-0268, CVE-2011-0269, CVE-2011-0270, CVE-2011-0271 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
- Apple Safari RSS Feed Information Disclosure Vulnerability