Vulnerability Details : CVE-2011-0266
Public exploit exists!
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2.
Vulnerability category: OverflowExecute code
Products affected by CVE-2011-0266
- cpe:2.3:a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_network_node_manager:7.53:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0266
96.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-0266
-
HP OpenView NNM nnmRptConfig nameParams Buffer Overflow
Disclosure Date: 2011-01-10First seen: 2020-04-26exploit/windows/http/hp_nnm_nnmrptconfig_nameparamsThis module exploits a vulnerability in HP NNM's nnmRptConfig.exe. A remote user can send a long string data to the nameParams parameter via a POST request, which causes an overflow on the stack when function ov.sprintf_new() is used, and gain arbitrary code executio
CVSS scores for CVE-2011-0266
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-0266
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0266
-
http://www.zerodayinitiative.com/advisories/ZDI-11-008/
ZDI-11-008 | Zero Day Initiative
-
http://www.vupen.com/english/advisories/2011/0085
Webmail | OVH- OVH
-
http://www.securitytracker.com/id?1024951
HP OpenView Network Node Manager Multiple Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker
-
http://securityreason.com/securityalert/8151
HP OpenView NNM nnmRptConfig nameParams Buffer Overflow - CXSecurity.com
-
http://www.securityfocus.com/archive/1/515628
SecurityFocus
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64650
HP Openview Network Node Manager nameParams buffer overflow CVE-2011-0266 Vulnerability Report
-
http://www.securityfocus.com/bid/45762
HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
Jump to