HP Network Node Manager I remote Unauthorized Access Vulnerability

Release date: 2012-4 4
Updated on: 2012-12-07

Affected Systems:
HP Network Node Manager I v9.20
HP Network Node Manager I 9.1x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56822
CVE (CAN) ID: CVE-2012-3275

HP Network Node Manager I-series (NNMi) software provides powerful out-of-the-box functions to help your Network operation team efficiently manage networks of any size.

HP Network Node Manager I (NNMi) v9.1x, v9.20 (HP-UX, Linux, Solaris, Windows) has an unauthenticated access vulnerability that remote attackers can exploit to illegally access the affected system.

<* Source: HP

Link: http://seclists.org/bugtraq/2012/Dec/45
What is https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay? DocId = emr_na-c03507416
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

HP
--
HP has released a Security Bulletin (HPSBMU02816) and corresponding patches for this:

HPSBMU02816: SSRT100949 rev.1-HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access

Https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay? DocId = emr_na-c03507416

Patch download:

NNMi version platform/patch hotfix
9.1x
Linux
NNM910L_00004

Solaris
NNM910S_00004

Windows
NNM910W_00004

HP-UX
PHSS_42788

Hotfix-NNMI-9.1xP4-UI-20120927.zip

9.20
Linux
NNM920L_00001

Solaris
NNM920S_00001

Windows
NNM920W_00001

HP-UX
PHSS_42793