CVE-2008-2438Improper Restriction of Operations within the Bounds of a Memory Buffer in HP Openview Network Node Manager

CWE-1893 documents3 sources
Severity
10.0CRITICALNVD
EPSS
17.0%
top 5.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
HP Openview Network Node Manager
Timeline
PublishedApr 28
Latest updateMay 1

Description

Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDhp/openview_network_node_manager7.01, 7.51, 7.53+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-w7g8-g7g7-6gxq: Integer overflow in ovalarmsrv2022-05-01
CVEList
CVE-2008-2438: Integer overflow in ovalarmsrv2009-04-28
CVE-2008-2438 — HP vulnerability | cvebase