Title

HP Network Node Manager Arbitrary Command Execution Vulnerability (Cat II impact)

Discussion

HP has addressed a vulnerability affecting HP OpenView Network Node Manager. HP OpenView Network Node Manager (NNM) is a fault-management application for IP networks. To exploit this vulnerability, an attacker would create and send malicious data to a vulnerable system. If successfully exploited, this vulnerability would allow a remote attacker to compromise the affected system. At this time, there are no known exploits associated with this vulnerability; JTF-GNO is not aware of any DoD related incidents. HP OpenView Network Node Manager Remote Execution of Arbitrary Commands Vulnerability - (CVE-2010-0445): Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, 8.12, and 8.13 allows remote attackers to execute arbitrary commands via unknown vectors.

Check Content

See the IAVM notice and vendor bulletin for additional information. Affected Products: HP OpenView Network Node Manager 8.10 HP OpenView Network Node Manager 8.11 HP OpenView Network Node Manager 8.12 HP OpenView Network Node Manager 8.13 Required patch - NNM810W_00006 or subsequent Interview the SA to determine if patch has been installed.

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-22672

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.