Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1961 — Improper Restriction of Operations within the Bounds of a Memory Buffer in HP Openview Network Node Manager

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

69.3%

top 1.35%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Openview Network Node Manager

Timeline

PublishedJun 10

Latest updateMay 14

Description

Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/openview_network_node_manager7.51, 7.53+1

Patches

Patch: marc.info ↗Patch: marc.info ↗

🔴Vulnerability Details

GHSA

GHSA-gc7h-r8w4-m2m4: Buffer overflow in ovutil↗2022-05-14

▶

CVEList

CVE-2010-1961: Buffer overflow in ovutil↗2010-06-10

▶

💥Exploits & PoCs

Exploit-DB

HP OpenView Network Node Manager (OV NNM) - 'ovwebsnmpsrv.exe ovutil' Remote Buffer Overflow (Metasploit)↗2011-03-23

▶

Metasploit

HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow↗

▶