Vulnerability Name:

CVE-2008-1697 (CCN-41600)

Assigned:2008-04-02
Published:2008-04-02
Updated:2017-09-29
Summary:Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request.
Note: some of these details are obtained from third party information.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-1697

Source: CCN
Type: HP Security Bulletin HPSBMA02348 SSRT080033 rev.1
HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)

Source: HP
Type: UNKNOWN
SSRT080033

Source: CCN
Type: SA29641
HP OpenView Network Node Manager Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
29641

Source: CCN
Type: SECTRACK ID: 1019782
HP OpenView Network Node Manager Buffer Overflow in OVAS.EXE Lets Remote Users Execute Arbitrary Code

Source: MISC
Type: Exploit
http://www.offensive-security.com/0day/hp-nnm-ov.py.txt

Source: CCN
Type: OSVDB ID: 43992
HP OpenView Network Node Manager (OV NNM) oavs.exe ovwparser.dll HTTP GET Request Remote Overflow

Source: BID
Type: Exploit, Patch
28569

Source: CCN
Type: BID-28569
HP OpenView Network Node Manager 'OVAS.EXE' Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019782

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1085

Source: XF
Type: UNKNOWN
hpopenview-ovas-bo(41600)

Source: XF
Type: UNKNOWN
hpopenview-ovas-bo(41600)

Source: CCN
Type: HP Web site
HP Network Node Manager (NNM) Advanced Edition software

Source: EXPLOIT-DB
Type: UNKNOWN
5342

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hp:openview_network_node_manager:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:*:*:*:*:*:*:*:* (Version <= 7.53)

    • Configuration CCN 1:
  • cpe:/a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*
  • OR cpe:/a:hp:openview_network_node_manager:7.53:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hp openview network node manager 7.0.1
    hp openview network node manager 7.51
    hp openview network node manager *
    hp openview network node manager 7.51
    hp openview network node manager 7.53