Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1555Improper Restriction of Operations within the Bounds of a Memory Buffer in HP Openview Network Node Manager

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
10.0CRITICALNVD
EPSS
79.8%
top 0.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Openview Network Node Manager
Timeline
PublishedMay 13
Latest updateMay 14

Description

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDhp/openview_network_node_manager7.0.1, 7.51, 7.53+2

🔴Vulnerability Details

2
GHSA
GHSA-f78m-hq58-gcg7: Stack-based buffer overflow in getnnmdata2022-05-14
CVEList
CVE-2010-1555: Stack-based buffer overflow in getnnmdata2010-05-13

💥Exploits & PoCs

2
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe Hostname' CGI Buffer Overflow (Metasploit)2011-03-25
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe' CGI Invalid Hostname Remote Code Execution2010-07-02