Vulnerabilities > CVE-2014-2624 - Unspecified vulnerability in HP Network Node Manager I 9.0/9.10/9.20
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | HP Network Node Manager I PMD Buffer Overflow. CVE-2014-2624. Remote exploit for linux platform |
| id | EDB-ID:34866 |
| last seen | 2016-02-04 |
| modified | 2014-10-02 |
| published | 2014-10-02 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/34866/ |
| title | HP Network Node Manager I PMD Buffer Overflow |
Metasploit
| description | This module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stack_option packets with user controlled data. In order to bypass ASLR this module uses a proto_tbl packet to leak an libov pointer from the stack and finally build the ROP chain to avoid NX. |
| id | MSF:EXPLOIT/LINUX/MISC/HP_NNMI_PMD_BOF |
| last seen | 2020-05-28 |
| modified | 2017-07-24 |
| published | 2014-09-24 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2624 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/misc/hp_nnmi_pmd_bof.rb |
| title | HP Network Node Manager I PMD Buffer Overflow |
Nessus
NASL family Windows NASL id HP_NNMI_HPSBMU03075.NASL description The version of HP Network Node Manager i (NNMi) installed on the remote host is a version that is potentially affected by a remote code execution vulnerability. Note that Nessus did not check for the presence of a patch or workaround for this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 77730 published 2014-09-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77730 title HP Network Node Manager i Remote Code Execution (HPSBMU03075) NASL family Red Hat Local Security Checks NASL id HP_NNMI_HPSBMU03075-RHEL.NASL description The version of HP Network Node Manager i (NNMi) installed on the remote host is a version that is potentially affected by a remote code execution vulnerability. Note that Nessus did not check for the presence of a patch or workaround for this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 79801 published 2014-12-08 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79801 title HP Network Node Manager i Remote Code Execution (HPSBMU03075)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/128478/hp_nnmi_pmd_bof.rb.txt |
| id | PACKETSTORM:128478 |
| last seen | 2016-12-05 |
| published | 2014-09-30 |
| reporter | juan vazquez |
| source | https://packetstormsecurity.com/files/128478/HP-Network-Node-Manager-I-PMD-Buffer-Overflow.html |
| title | HP Network Node Manager I PMD Buffer Overflow |