Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3840 — HP Openview Network Node Manager vulnerability

5 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

17.2%

top 4.96%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Openview Network Node Manager

Timeline

PublishedNov 19

Latest updateMay 2

Description

The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDhp/openview_network_node_manager7.51, 7.53+1

Patches

Patch: h20000.www2.hp.com ↗Patch: www.securityfocus.com ↗Patch: h20000.www2.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-6vvh-58xp-cxgw: The embedded database engine service (aka ovdbrun↗2022-05-02

▶

CVEList

CVE-2009-3840: The embedded database engine service (aka ovdbrun↗2009-11-19

▶

💥Exploits & PoCs

Exploit-DB

IBM SolidDB - Invalid Error Code↗2009-11-18

▶

Exploit-DB

HP OpenView Network Node Manager (OV NNM) 7.53 - Invalid DB Error Code↗2009-11-17

▶