Vulnerability Details : CVE-2014-2624
Public exploit exists!
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.
Vulnerability category: Execute code
Products affected by CVE-2014-2624
- cpe:2.3:a:hp:network_node_manager_i:9.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:network_node_manager_i:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:network_node_manager_i:9.20:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2624
96.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-2624
-
HP Network Node Manager I PMD Buffer Overflow
Disclosure Date: 2014-09-09First seen: 2020-04-26exploit/linux/misc/hp_nnmi_pmd_bofThis module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stack_option packets with user controlled data. In order to byp
CVSS scores for CVE-2014-2624
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2014-2624
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95875
HP Network Node Manager i pmd buffer overflow CVE-2014-2624 Vulnerability Report
-
http://www.securitytracker.com/id/1030827
HP Network Node Manager i (NNMi) Unspecified Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04378450
HP Support for Technical Help and Troubleshooting | HP® Customer Service.
Jump to