OSVDB ID: 64976

Title: HP OpenView Network Node Manager (OV NNM) getnnmdata.exe CGI Multiple Parameter Remote Code Execution

Info

Disclosure

May 11, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 11, 2010

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private, Exploit Commercial
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, HP has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

CVE ID: 2010-1553 (see also: NVD) 2010-1554 (see also: NVD) 2010-1555 (see also: NVD)
Secunia Advisory ID: 39757
Related OSVDB ID: 64973 64974 64975
Metasploit ID: 64976
Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379
Mail List Post: http://seclists.org/bugtraq/2010/May/81
http://seclists.org/bugtraq/2010/May/82
http://seclists.org/bugtraq/2010/May/83
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_getnnmdata_hostname
http://www.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_getnnmdata_icount
http://www.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_getnnmdata_maxage
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-10-084
http://www.zerodayinitiative.com/advisories/ZDI-10-085
http://www.zerodayinitiative.com/advisories/ZDI-10-086

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/64976