HP Network Node Manager i Remote Code Execution (HPSBMU03075)

critical Nessus Plugin ID 77730

Synopsis

The remote host is potentially affected by a remote code execution vulnerability.

Description

The version of HP Network Node Manager i (NNMi) installed on the remote host is a version that is potentially affected by a remote code execution vulnerability.

Note that Nessus did not check for the presence of a patch or workaround for this issue.

Solution

Upgrade to version 10.0 or apply the hotfix referenced in the vendor advisory.

See Also

http://support.openview.hp.com/selfsolve/document/KM01138724

http://www.nessus.org/u?5d9f9490

Plugin Details

Severity: Critical

ID: 77730

File Name: hp_nnmi_HPSBMU03075.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 9/17/2014

Updated: 11/25/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:network_node_manager_i

Required KB Items: Settings/ParanoidReport, installed_sw/HP Network Node Manager i, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2014

Vulnerability Publication Date: 9/9/2014

Exploitable With

Core Impact

Metasploit (HP Network Node Manager I PMD Buffer Overflow)

Reference Information

CVE: CVE-2014-2624

HP: HPSBMU03075, SSRT101519, emr_na-c04378450

IAVA: 2014-A-0136