9.8

CVE-2005-2773

Warnung
Exploit
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpOpenview Network Node Manager Version >= 6.2 <= 7.50

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

HP OpenView Network Node Manager Remote Code Execution Vulnerability

Schwachstelle

HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 74.09% 0.994
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

http://marc.info/?l=bugtraq&m=112499121725662&w=2
Exploit
Mailing List
Issue Tracking
http://secunia.com/advisories/16555/
Not Applicable
http://www.securityfocus.com/advisories/9150
Broken Link
http://www.securityfocus.com/bid/14662
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/21999
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2005-2773
US Government Resource