What is CVE-2010-1960?

CVE-2010-1960 is a vulnerability in Hp Openview_network_node_manager, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2010-06-10.

Is CVE-2010-1960 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Hp Openview_network_node_manager

CVE-2010-1960

Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.

Vulnerability class: Buffer Overflow

EPSS: 0.693 (98.7th percentile) — read the EPSS interpretation.

Affected products

Hp Openview_network_node_manager — versions 7.53, 7.51
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20100608 ZDI-10-105: Hewlett-Packard OpenView NNM ovwebsnmpsrv.exe Bad Option Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
hp-security-alert@hp.com (x_refsource_MISC)
HPSBMA02537 (Vendor Advisory, x_refsource_HP, vendor-advisory, Patch)
40101 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
40637 (vdb-entry, x_refsource_BID)
ovnnm-ovwebsnmpsrv-bo(59249) (vdb-entry, x_refsource_XF)
1024071 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2010-1960?: CVE-2010-1960 is a vulnerability in Hp Openview_network_node_manager, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2010-06-10.
Is CVE-2010-1960 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.