Title: HP OpenView Operations for Windows Unauthorized Action Execution Vulnerability
Severity: HIGH
Description:
HP OpenView Operations for Windows (and associated products) provide network and system administration services for managing nodes across multiple network domains.
HP has reported a vulnerability in OpenView Operations for Windows that may permit local administrators to execute actions on remote nodes without requiring administrative rights on the node. This could be abused to gain unauthorized access to remote nodes managed via OpenView. The issue could also pose an additional threat if a remote attacker compromised one node, allowing for further compromises of remote notes managed by the software.
HP has also reported that while there is a registry key that can disable this behavior, it may not function properly. In environments where the desired behavior is to restrict execution of actions on remote nodes by local administrators, this could create a false sense of security.
Affected Products:
- HP OpenView VantagePoint for Windows 6.1.0 English
- HP OpenView VantagePoint for Windows 6.1.0 Japanese
- HP OpenView VantagePoint for Windows 6.2.0 English
- HP OpenView VantagePoint for Windows 6.2.0 Japanese
- HP Openview Operations for Windows 7.0.0
- HP Openview Operations for Windows 7.1.0
- HP Openview Operations for Windows 7.2.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
