cvelistv5 - cve-2010-1554

cve-2010-1554

Vulnerability from cvelistv5

Published

2010-05-13 17:00

Modified

2024-08-07 01:28

Severity ?

Summary

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.

References

▼	URL	Tags
	hp-security-alert@hp.com	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	hp-security-alert@hp.com	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	hp-security-alert@hp.com	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	hp-security-alert@hp.com	http://securityreason.com/securityalert/8154
	hp-security-alert@hp.com	http://www.exploit-db.com/exploits/14181
	hp-security-alert@hp.com	http://www.securityfocus.com/archive/1/511249/100/0/threaded
	hp-security-alert@hp.com	http://zerodayinitiative.com/advisories/ZDI-10-085/
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8154
	af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/14181
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/511249/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://zerodayinitiative.com/advisories/ZDI-10-085/

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:41.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT090229",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
          },
          {
            "name": "SSRT010098",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
          },
          {
            "name": "HPSBMA02527",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
          },
          {
            "name": "8154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8154"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zerodayinitiative.com/advisories/ZDI-10-085/"
          },
          {
            "name": "14181",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/14181"
          },
          {
            "name": "20100511 ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511249/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "SSRT090229",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
        },
        {
          "name": "SSRT010098",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
        },
        {
          "name": "HPSBMA02527",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
        },
        {
          "name": "8154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8154"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zerodayinitiative.com/advisories/ZDI-10-085/"
        },
        {
          "name": "14181",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/14181"
        },
        {
          "name": "20100511 ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511249/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2010-1554",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT090229",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
            },
            {
              "name": "SSRT010098",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
            },
            {
              "name": "HPSBMA02527",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
            },
            {
              "name": "8154",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8154"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-10-085/",
              "refsource": "MISC",
              "url": "http://zerodayinitiative.com/advisories/ZDI-10-085/"
            },
            {
              "name": "14181",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/14181"
            },
            {
              "name": "20100511 ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/511249/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2010-1554",
    "datePublished": "2010-05-13T17:00:00",
    "dateReserved": "2010-04-26T00:00:00",
    "dateUpdated": "2024-08-07T01:28:41.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C89F2AB-45CF-4455-920F-396852C862E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5CC1E39-5607-41A9-8BBE-A51F1AC9D5CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*\", \"matchCriteriaId\": \"6692E05F-4864-449F-8A52-9001028D8C44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*\", \"matchCriteriaId\": \"2A40F2C6-AFF9-4D63-ACD0-A9D37160BA3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*\", \"matchCriteriaId\": \"FC1DA299-A180-4078-9172-67D116840D29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*\", \"matchCriteriaId\": \"FED610E9-7639-48FE-8B4F-B394A7EEC7C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3A4986C-97B8-4382-AC4B-55E22C6BAE62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*\", \"matchCriteriaId\": \"C1935DA4-A1AF-4867-BCB1-F5BB75360702\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*\", \"matchCriteriaId\": \"769ED1A5-C3C5-404E-8040-655D69C2AA88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*\", \"matchCriteriaId\": \"186EFE05-AC1C-48FF-91B7-0CCD49FEABCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*\", \"matchCriteriaId\": \"D5CE1F56-FA80-416D-8F42-C1C291F0965C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en pila en etnnmdata.exe en HP OpenView Network Node Manager (OV NNM) 7.01, 7.51 y 7.53 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante un par\\u00e1metro iCount inv\\u00e1lido.\"}]",
      "id": "CVE-2010-1554",
      "lastModified": "2024-11-21T01:14:41.240",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-05-13T17:30:02.407",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://securityreason.com/securityalert/8154\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://www.exploit-db.com/exploits/14181\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/511249/100/0/threaded\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://zerodayinitiative.com/advisories/ZDI-10-085/\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/8154\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/14181\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/511249/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://zerodayinitiative.com/advisories/ZDI-10-085/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "hp-security-alert@hp.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1554\",\"sourceIdentifier\":\"hp-security-alert@hp.com\",\"published\":\"2010-05-13T17:30:02.407\",\"lastModified\":\"2024-11-21T01:14:41.240\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en pila en etnnmdata.exe en HP OpenView Network Node Manager (OV NNM) 7.01, 7.51 y 7.53 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un par\u00e1metro iCount inv\u00e1lido.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C89F2AB-45CF-4455-920F-396852C862E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5CC1E39-5607-41A9-8BBE-A51F1AC9D5CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*\",\"matchCriteriaId\":\"6692E05F-4864-449F-8A52-9001028D8C44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*\",\"matchCriteriaId\":\"2A40F2C6-AFF9-4D63-ACD0-A9D37160BA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"FC1DA299-A180-4078-9172-67D116840D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"FED610E9-7639-48FE-8B4F-B394A7EEC7C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3A4986C-97B8-4382-AC4B-55E22C6BAE62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*\",\"matchCriteriaId\":\"C1935DA4-A1AF-4867-BCB1-F5BB75360702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*\",\"matchCriteriaId\":\"769ED1A5-C3C5-404E-8040-655D69C2AA88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"186EFE05-AC1C-48FF-91B7-0CCD49FEABCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"D5CE1F56-FA80-416D-8F42-C1C291F0965C\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://securityreason.com/securityalert/8154\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://www.exploit-db.com/exploits/14181\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/511249/100/0/threaded\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://zerodayinitiative.com/advisories/ZDI-10-085/\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/8154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/14181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/511249/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://zerodayinitiative.com/advisories/ZDI-10-085/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-jwpq-9gh6-w8cq

Vulnerability from github

Published

2022-05-14 02:37

Modified

2022-05-14 02:37

Details

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-1554"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-05-13T17:30:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.",
  "id": "GHSA-jwpq-9gh6-w8cq",
  "modified": "2022-05-14T02:37:14Z",
  "published": "2022-05-14T02:37:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1554"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8154"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/14181"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/511249/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://zerodayinitiative.com/advisories/ZDI-10-085"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2010-1554

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.

Aliases

CVE-2010-1554

Aliases

CVE-2010-1554

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-1554",
    "description": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.",
    "id": "GSD-2010-1554",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-1554"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-1554"
      ],
      "details": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.",
      "id": "GSD-2010-1554",
      "modified": "2023-12-13T01:21:32.044743Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "hp-security-alert@hp.com",
        "ID": "CVE-2010-1554",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SSRT090229",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
          },
          {
            "name": "SSRT010098",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
          },
          {
            "name": "HPSBMA02527",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
          },
          {
            "name": "8154",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8154"
          },
          {
            "name": "http://zerodayinitiative.com/advisories/ZDI-10-085/",
            "refsource": "MISC",
            "url": "http://zerodayinitiative.com/advisories/ZDI-10-085/"
          },
          {
            "name": "14181",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/14181"
          },
          {
            "name": "20100511 ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/511249/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2010-1554"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT090229",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-10-085/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://zerodayinitiative.com/advisories/ZDI-10-085/"
            },
            {
              "name": "14181",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "http://www.exploit-db.com/exploits/14181"
            },
            {
              "name": "8154",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8154"
            },
            {
              "name": "20100511 ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/511249/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T21:01Z",
      "publishedDate": "2010-05-13T17:30Z"
    }
  }
}

cve-2010-1554

Vulnerability from fkie_nvd

Published

2010-05-13 17:30

Modified

2024-11-21 01:14

Severity ?

Summary

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.

References

▼	URL	Tags
	hp-security-alert@hp.com	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	hp-security-alert@hp.com	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	hp-security-alert@hp.com	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	hp-security-alert@hp.com	http://securityreason.com/securityalert/8154
	hp-security-alert@hp.com	http://www.exploit-db.com/exploits/14181
	hp-security-alert@hp.com	http://www.securityfocus.com/archive/1/511249/100/0/threaded
	hp-security-alert@hp.com	http://zerodayinitiative.com/advisories/ZDI-10-085/
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127360750704351&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8154
	af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/14181
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/511249/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://zerodayinitiative.com/advisories/ZDI-10-085/

Impacted products

Vendor	Product	Version
hp	openview_network_node_manager	7.0.1
hp	openview_network_node_manager	7.51
hp	openview_network_node_manager	7.51
hp	openview_network_node_manager	7.51
hp	openview_network_node_manager	7.51
hp	openview_network_node_manager	7.51
hp	openview_network_node_manager	7.53
hp	openview_network_node_manager	7.53
hp	openview_network_node_manager	7.53
hp	openview_network_node_manager	7.53
hp	openview_network_node_manager	7.53

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C89F2AB-45CF-4455-920F-396852C862E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CC1E39-5607-41A9-8BBE-A51F1AC9D5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*",
              "matchCriteriaId": "6692E05F-4864-449F-8A52-9001028D8C44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*",
              "matchCriteriaId": "2A40F2C6-AFF9-4D63-ACD0-A9D37160BA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*",
              "matchCriteriaId": "FC1DA299-A180-4078-9172-67D116840D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*",
              "matchCriteriaId": "FED610E9-7639-48FE-8B4F-B394A7EEC7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A4986C-97B8-4382-AC4B-55E22C6BAE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*",
              "matchCriteriaId": "C1935DA4-A1AF-4867-BCB1-F5BB75360702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*",
              "matchCriteriaId": "769ED1A5-C3C5-404E-8040-655D69C2AA88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*",
              "matchCriteriaId": "186EFE05-AC1C-48FF-91B7-0CCD49FEABCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*",
              "matchCriteriaId": "D5CE1F56-FA80-416D-8F42-C1C291F0965C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en etnnmdata.exe en HP OpenView Network Node Manager (OV NNM) 7.01, 7.51 y 7.53 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un par\u00e1metro iCount inv\u00e1lido."
    }
  ],
  "id": "CVE-2010-1554",
  "lastModified": "2024-11-21T01:14:41.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-05-13T17:30:02.407",
  "references": [
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://securityreason.com/securityalert/8154"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.exploit-db.com/exploits/14181"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.securityfocus.com/archive/1/511249/100/0/threaded"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://zerodayinitiative.com/advisories/ZDI-10-085/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=127360750704351\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/14181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/511249/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://zerodayinitiative.com/advisories/ZDI-10-085/"
    }
  ],
  "sourceIdentifier": "hp-security-alert@hp.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2010-1554

Vulnerability from cvelistv5

ghsa-jwpq-9gh6-w8cq

Vulnerability from github

gsd-2010-1554

Vulnerability from gsd

cve-2010-1554

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature