10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.964 High
EPSS
Percentile
99.4%
Added: 02/20/2012
CVE: CVE-2011-3167
BID: 50471
OSVDB: 76775
HP OpenView Network Node Manager (NNM) is a network monitoring solution based on SNMP.
User supplied data from the NNM web interface is passed to the OVBuildPath function in ov.dll. This function contains a stack overflow vulnerability that may allow an unauthenticated attacker to take control of the server.
No patches are available at this time. Restrict access to the web interface of the NNM server.
<http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03054052>
<http://www.zerodayinitiative.com/advisories/ZDI-12-002/>
<http://www.zerodayinitiative.com/advisories/ZDI-12-003/>
This exploit has been tested against HP OpenView Network Node Manager 7.53 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.
Windows