Vulnerability Name:
CVE-2010-1960 (CCN-59249)
Assigned:
2010-06-08
Published:
2010-06-08
Updated:
2018-10-10
Summary:
Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.
CVSS v3 Severity:
10.0 Critical
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
10.0 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
8.3 High
(Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
10.0 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
8.3 High
(CCN Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-119
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2010-1960
Source: CCN
Type: HP Security Bulletin HPSBMA02537 SSRT010027
OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
Source: HP
Type: Patch, Vendor Advisory
HPSBMA02537
Source: CCN
Type: SA40101
HP OpenView Network Node Manager Buffer Overflow Vulnerabilities
Source: SECUNIA
Type: Vendor Advisory
40101
Source: CCN
Type: SECTRACK ID: 1024071
HP OpenView Network Node Manager 'jovgraph.exe' Lets Remote Users Execute Arbitrary Code
Source: CCN
Type: OSVDB ID: 65427
HP OpenView Network Node Manager ovwebsnmpsrv.exe Error Handling Functionality Overflow
Source: BUGTRAQ
Type: UNKNOWN
20100608 ZDI-10-105: Hewlett-Packard OpenView NNM ovwebsnmpsrv.exe Bad Option Remote Code Execution Vulnerability
Source: BID
Type: UNKNOWN
40637
Source: CCN
Type: BID-40637
HP OpenView Network Node Manager 'ovwebsnmpsrv.exe' Bad Option Stack Buffer Overflow Vulnerability
Source: SECTRACK
Type: UNKNOWN
1024071
Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-10-105/
Source: XF
Type: UNKNOWN
ovnnm-ovwebsnmpsrv-bo(59249)
Source: XF
Type: UNKNOWN
ovnnm-ovwebsnmpsrv-bo(59249)
Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [03-23-2011]
Source: CCN
Type: ZDI-10-105
Hewlett-Packard OpenView NNM ovwebsnmpsrv.exe Bad Option Remote Code Execution Vulnerability
Vulnerable Configuration:
Configuration 1
:
cpe:/a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.53:*:*:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*
OR
cpe:/a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*
Denotes that component is vulnerable
BACK
hp
openview network node manager 7.51
hp
openview network node manager 7.51 -
hp
openview network node manager 7.51 -
hp
openview network node manager 7.51 -
hp
openview network node manager 7.51 -
hp
openview network node manager 7.53
hp
openview network node manager 7.53 -
hp
openview network node manager 7.53 -
hp
openview network node manager 7.53 -
hp
openview network node manager 7.53 -
hp
openview network node manager 7.51 -
hp
openview network node manager 7.51 -
hp
openview network node manager 7.51 -
hp
openview network node manager 7.51 -
hp
openview network node manager 7.53 -
hp
openview network node manager 7.53 -
hp
openview network node manager 7.53 -
hp
openview network node manager 7.53 -
Denotes that component is vulnerable