CVE-2009-3849

2009-12-1022:30:00

CWE-119

web.nvd.nist.gov

hp openview

nnm

buffer overflow

cve-2009-3849

remote code execution

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.967

Percentile

99.7%

JSON

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.

Affected configurations

Nvd

Node

hpopenview_network_node_managerMatch7.0.1hp_ux

hpopenview_network_node_managerMatch7.0.1linux

hpopenview_network_node_managerMatch7.0.1solaris

hpopenview_network_node_managerMatch7.0.1windows

hpopenview_network_node_managerMatch7.51-hp-ux

hpopenview_network_node_managerMatch7.51-linux

hpopenview_network_node_managerMatch7.51-solaris

hpopenview_network_node_managerMatch7.51-windows

hpopenview_network_node_managerMatch7.53-hp-ux

hpopenview_network_node_managerMatch7.53-linux

hpopenview_network_node_managerMatch7.53-solaris

hpopenview_network_node_managerMatch7.53-windows

VendorProductVersionCPE
hpopenview_network_node_manager7.0.1cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:hp_ux:*:*:*:*:*
hpopenview_network_node_manager7.0.1cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:linux:*:*:*:*:*
hpopenview_network_node_manager7.0.1cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:solaris:*:*:*:*:*
hpopenview_network_node_manager7.0.1cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:windows:*:*:*:*:*
hpopenview_network_node_manager7.51cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*
hpopenview_network_node_manager7.51cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*
hpopenview_network_node_manager7.51cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*
hpopenview_network_node_manager7.51cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*
hpopenview_network_node_manager7.53cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*
hpopenview_network_node_manager7.53cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*

Vendor	Product	Version	CPE
hp	openview_network_node_manager	7.0.1	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::hp_ux:::::
hp	openview_network_node_manager	7.0.1	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::linux:::::
hp	openview_network_node_manager	7.0.1	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::solaris:::::
hp	openview_network_node_manager	7.0.1	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::windows:::::
hp	openview_network_node_manager	7.51	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:::::*
hp	openview_network_node_manager	7.51	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:::::*
hp	openview_network_node_manager	7.51	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:::::*
hp	openview_network_node_manager	7.51	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:::::*
hp	openview_network_node_manager	7.53	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:::::*
hp	openview_network_node_manager	7.53	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:::::*