HP Network Node Manager i Remote Code Execution (HPSBMU03075)

critical Nessus Plugin ID 79801

Synopsis

The remote host is potentially affected by a remote code execution vulnerability.

Description

The version of HP Network Node Manager i (NNMi) installed on the remote host is a version that is potentially affected by a remote code execution vulnerability.

Note that Nessus did not check for the presence of a patch or workaround for this issue.

Solution

Upgrade to version 10.0 or apply the hotfix referenced in the vendor advisory.

See Also

http://support.openview.hp.com/selfsolve/document/KM01138724

http://www.nessus.org/u?5d9f9490

Plugin Details

Severity: Critical

ID: 79801

File Name: hp_nnmi_HPSBMU03075-rhel.nasl

Version: 1.6

Type: local

Agent: unix

Published: 12/8/2014

Updated: 8/10/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:network_node_manager_i

Required KB Items: Host/RedHat/release, Host/cpu, Settings/ParanoidReport, installed_sw/HP Network Node Manager i

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2014

Vulnerability Publication Date: 9/9/2014

Exploitable With

Core Impact

Metasploit (HP Network Node Manager I PMD Buffer Overflow)

Reference Information

CVE: CVE-2014-2624

HP: HPSBMU03075, SSRT101519, emr_na-c04378450

IAVA: 2014-A-0136