CVE-2010-1550

EPSS 7.21%
Published 13.05.2010 17:30:02
Last modified 11.04.2025 00:51:21
Source hp-security-alert@hp.com
Teams watchlist Login
Open Login

Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Hp ≫ Openview Network Node Manager Version7.0.1

Hp ≫ Openview Network Node Manager Version7.51

Hp ≫ Openview Network Node Manager Version7.51 Update- Editionhp-ux

Hp ≫ Openview Network Node Manager Version7.51 Update- Editionlinux

Hp ≫ Openview Network Node Manager Version7.51 Update- Editionsolaris

Hp ≫ Openview Network Node Manager Version7.51 Update- Editionwindows

Hp ≫ Openview Network Node Manager Version7.53

Hp ≫ Openview Network Node Manager Version7.53 Update- Editionhp-ux

Hp ≫ Openview Network Node Manager Version7.53 Update- Editionlinux

Hp ≫ Openview Network Node Manager Version7.53 Update- Editionsolaris

Hp ≫ Openview Network Node Manager Version7.53 Update- Editionwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.21%	0.912

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://marc.info/?l=bugtraq&m=127360750704351&w=2

http://www.securityfocus.com/archive/1/511245/100/0/threaded

http://zerodayinitiative.com/advisories/ZDI-10-081/

https://nvd.nist.gov/vuln/detail/CVE-2010-1550

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1550

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1550

EUVD