ID CVE-2009-3845
Summary The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.
References
Vulnerable Configurations
  • cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:hp_ux:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:hp_ux:*:*:*:*:*
  • cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:linux:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:linux:*:*:*:*:*
  • cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:solaris:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:solaris:*:*:*:*:*
  • cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:windows:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:windows:*:*:*:*:*
  • cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*
  • cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*
  • cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*
  • cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*
  • cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*
  • cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*
  • cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*
  • cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*
    cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*
CVSS
Base: 10.0 (as of 10-10-2018 - 19:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid
  • 37261
  • 37300
bugtraq 20091209 ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities
hp
  • HPSBMA02483
  • SSRT090037
  • SSRT090257
misc http://zerodayinitiative.com/advisories/ZDI-09-094/
xf hp-openviewnnm-hostname-command-execution(54651)
saint via4
  • bid 37261
    description HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow
    id net_ovnodemgralarmlangbo
    osvdb 60930
    title openview_nnm_ovalarm_accept_language
    type remote
  • bid 37261
    description HP OpenView Network Node Manager ovwebsnmpsrv.exe buffer overflow via jovgraph.exe
    id net_ovwebsnmpsrvbo
    osvdb 60932
    title openview_nnm_ovwebsnmpsrv_jovgraph
    type remote
Last major update 10-10-2018 - 19:47
Published 10-12-2009 - 22:30
Last modified 10-10-2018 - 19:47
Back to Top