CVE-2005-2773
CVE-2005-2773
In short
HP OpenView Network Node Manager has a critical flaw that allows attackers to run malicious commands on the server by sending specially crafted requests. This happens because the software doesn't properly filter dangerous characters in user input.
Technical detail
CWE-77 command injection vulnerability in OpenView Network Node Manager 6.2-7.50 affects multiple OVPl scripts (connectedNodes.ovpl, cdpView.ovpl, freeIPaddrs.ovpl, ecscmg.ovpl) through unvalidated node parameters. Remote attackers can inject shell metacharacters to execute arbitrary system commands without authentication, achieving full server compromise.
Summary generated and translated by AI from the official description.
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/16887unverifiedexploitdbwww.exploit-db.com/exploits/1188unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://marc.info/?l=bugtraq&m=112499121725662&w=2http://secunia.com/advisories/16555/https://exchange.xforce.ibmcloud.com/vulnerabilities/21999https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2005-2773http://www.securityfocus.com/advisories/9150http://www.securityfocus.com/bid/14662