CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.5%
Added: 07/01/2010
CVE: CVE-2010-1552
BID: 40068
OSVDB: 64975
HP OpenView Network Node Manager is network availability and performance management software.
A stack buffer overflow vulnerability in HP Openview NNM allows remote attackers to execute arbitrary commands by sending specially crafted **act**
and **app**
parameters to the **snmpviewer.exe**
CGI program.
Apply the patches referenced in HP Security Bulletin HPSBMA02527 SSRT010098.
<http://secunia.com/advisories/39757/>
Exploit works on HP OpenView Network Node Manager 7.53.
On Windows Server 2003, **Read**
and **Execute**
privileges on the file **%windir%\system32\cmd.exe**
must be granted to the Internet Guest Account **IUSR__<computername>_**
for the exploit to work properly. Note that users in the groups **Users**
and **Power Users**
don’t have those privileges, but users in the groups **Administrators**
and **TelnetClients**
do.
Windows