Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1697

CWE-119 — Buffer Overflow5 documents4 sources

Severity

10.0CRITICAL

EPSS

83.2%

top 0.73%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Openview Network Node Manager

Timeline

PublishedApr 8

Latest updateMay 1

Description

Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/openview_network_node_manager7.53+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-w694-c2xq-pqjf: Stack-based buffer overflow in ovwparser↗2022-05-01

▶

CVEList

CVE-2008-1697: Stack-based buffer overflow in ovwparser↗2008-04-08

▶

💥Exploits & PoCs

Exploit-DB

HP OpenView Network Node Manager (OV NNM) 7.53/7.51 - 'OVAS.exe' Stack Buffer Overflow (Metasploit)↗2010-10-12

▶

Exploit-DB

HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH)↗2008-04-02

▶