CVE-2016-2012

CWE-287 — Improper Authentication27 documents15 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 54.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Network Node Manager I

Timeline

PublishedMay 7

Latest updateMay 17

Description

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

▶NVDhp/network_node_manager_i6 versions+5

Patches

Patch: h20566.www2.hpe.com ↗Patch: h20566.www2.hpe.com ↗

🔴Vulnerability Details

GHSA

GHSA-225w-35x2-m698: HPE Network Node Manager i (NNMi) 9↗2022-05-17

▶

CVEList

CVE-2016-2012: HPE Network Node Manager i (NNMi) 9↗2016-05-07

▶

📋Vendor Advisories

Microsoft

NetLogon Elevation of Privilege Vulnerability↗2016-08-09

▶

Microsoft

Internet Explorer Security Feature Bypass Vulnerability↗2016-05-10

▶

🕵️Threat Intelligence

Qualys

July Patch Tuesday: 19 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches↗2017-07-11

▶

Fortinet

iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server↗2017-03-23

▶

Unit42

NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan↗2016-01-21

▶

💬Community

Bugzilla

CVE-2012-6703 kernel: Integer overflow in compress_core↗2016-06-29

▶