CVE-2014-2624

HP Network Node Manager i <9.2x - RCE

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-2624. PoCs published by Metasploit, d(-_-)b, juan vazquez, including Metasploit module exploits/linux/misc/hp_nnmi_pmd_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in HP Network Node Manager I (NNMi) via the pmd service, leveraging ASLR bypass via info leak and ROP chain to achieve remote code execution.

Description

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/34866

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in HP Network Node Manager I (NNMi) via the pmd service, leveraging ASLR bypass via info leak and ROP chain to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: HP Network Node Manager I (NNMi) 9.10/9.20

No auth needed

Prerequisites: Network access to UDP port 7426 · Target running vulnerable HP NNMi version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by d(-_-)b, juan vazquez · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/hp_nnmi_pmd_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in HP Network Node Manager I (NNMi) via the pmd service, leveraging ASLR bypass through a libov pointer leak and ROP chain to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: HP Network Node Manager I (NNMi) 9.10 / 9.20

No auth needed

Prerequisites: Network access to UDP port 7426 · Target running vulnerable HP NNMi version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources vendor-advisory x_refsource_hp

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04378450

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/95875

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1030827

Scores

EPSS 0.6543

EPSS Percentile 99.2%

Details

Status published

Products (3)

hp/network_node_manager_i 9.0

hp/network_node_manager_i 9.10

hp/network_node_manager_i 9.20

Published Sep 11, 2014

Tracked Since Feb 18, 2026