Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1960

CWE-119 — Buffer Overflow4 documents4 sources

Severity

10.0CRITICAL

EPSS

69.3%

top 1.35%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Openview Network Node Manager

Timeline

PublishedJun 10

Latest updateMay 14

Description

Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/openview_network_node_manager7.51, 7.53+1

Patches

Patch: marc.info ↗Patch: marc.info ↗

🔴Vulnerability Details

GHSA

GHSA-772g-m8r9-pg2f: Buffer overflow in the error handling functionality in ovwebsnmpsrv↗2022-05-14

▶

CVEList

CVE-2010-1960: Buffer overflow in the error handling functionality in ovwebsnmpsrv↗2010-06-10

▶

💥Exploits & PoCs

Exploit-DB

HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe' Unrecognized Option Buffer Overflow (Metasploit)↗2011-03-23

▶