ID CVE-2014-2624
Summary Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.
References
Vulnerable Configurations
  • HP Network Node Manager i (NNMi) 9.0
    cpe:2.3:a:hp:network_node_manager_i:9.0
  • HP Network Node Manager i (NNMi) 9.20
    cpe:2.3:a:hp:network_node_manager_i:9.20
  • HP Network Node Manager i (NNMi) 9.10
    cpe:2.3:a:hp:network_node_manager_i:9.10
CVSS
Base: 10.0 (as of 11-09-2014 - 05:12)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description HP Network Node Manager I PMD Buffer Overflow. CVE-2014-2624. Remote exploit for linux platform
id EDB-ID:34866
last seen 2016-02-04
modified 2014-10-02
published 2014-10-02
reporter metasploit
source https://www.exploit-db.com/download/34866/
title HP Network Node Manager I PMD Buffer Overflow
metasploit via4
description This module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stack_option packets with user controlled data. In order to bypass ASLR this module uses a proto_tbl packet to leak an libov pointer from the stack and finally build the ROP chain to avoid NX.
id MSF:EXPLOIT/LINUX/MISC/HP_NNMI_PMD_BOF
last seen 2019-03-24
modified 2017-07-24
published 2014-09-24
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/hp_nnmi_pmd_bof.rb
title HP Network Node Manager I PMD Buffer Overflow
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id HP_NNMI_HPSBMU03075-RHEL.NASL
    description The version of HP Network Node Manager i (NNMi) installed on the remote host is a version that is potentially affected by a remote code execution vulnerability. Note that Nessus did not check for the presence of a patch or workaround for this issue.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 79801
    published 2014-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79801
    title HP Network Node Manager i Remote Code Execution (HPSBMU03075)
  • NASL family Windows
    NASL id HP_NNMI_HPSBMU03075.NASL
    description The version of HP Network Node Manager i (NNMi) installed on the remote host is a version that is potentially affected by a remote code execution vulnerability. Note that Nessus did not check for the presence of a patch or workaround for this issue.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 77730
    published 2014-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77730
    title HP Network Node Manager i Remote Code Execution (HPSBMU03075)
packetstorm via4
data source https://packetstormsecurity.com/files/download/128478/hp_nnmi_pmd_bof.rb.txt
id PACKETSTORM:128478
last seen 2016-12-05
published 2014-09-30
reporter juan vazquez
source https://packetstormsecurity.com/files/128478/HP-Network-Node-Manager-I-PMD-Buffer-Overflow.html
title HP Network Node Manager I PMD Buffer Overflow
refmap via4
hp
  • HPSBMU03075
  • SSRT101519
sectrack 1030827
xf hp-nnmi-cve20142624-code-exec(95875)
Last major update 06-01-2017 - 21:59
Published 10-09-2014 - 21:55
Last modified 28-08-2017 - 21:34
Back to Top