Vulnerabilities > CVE-2005-2773 - Remote Command Execution vulnerability in HP OpenView Network Node Manager
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 15 |
Exploit-Db
description HP OpenView Network Node Manager <= 7.50 Remote Exploit. CVE-2005-2773. Remote exploits for multiple platform id EDB-ID:1188 last seen 2016-01-31 modified 2005-08-30 published 2005-08-30 reporter Lympex source https://www.exploit-db.com/download/1188/ title HP OpenView Network Node Manager <= 7.50 - Remote Exploit description HP Openview connectedNodes.ovpl Remote Command Execution. CVE-2005-2773. Remote exploit for linux platform id EDB-ID:16887 last seen 2016-02-02 modified 2010-07-03 published 2010-07-03 reporter metasploit source https://www.exploit-db.com/download/16887/ title HP Openview connectedNodes.ovpl Remote Command Execution
Metasploit
| description | This module exploits an arbitrary command execution vulnerability in the HP OpenView connectedNodes.ovpl CGI application. The results of the command will be displayed to the screen. |
| id | MSF:EXPLOIT/UNIX/WEBAPP/OPENVIEW_CONNECTEDNODES_EXEC |
| last seen | 2020-05-28 |
| modified | 2017-07-24 |
| published | 2007-01-05 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2773 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/openview_connectednodes_exec.rb |
| title | HP Openview connectedNodes.ovpl Remote Command Execution |
Nessus
| NASL family | CGI abuses |
| NASL id | OPENVIEW_NNM_CMD_EXEC.NASL |
| description | The remote version of HP OpenView Network Node Manager fails to sanitize user-supplied input to various parameters used in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 19555 |
| published | 2005-09-01 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/19555 |
| title | HP OpenView Network Node Manager Multiple Scripts Remote Command Execution |
Packetstorm
data source https://packetstormsecurity.com/files/download/42295/openview_connectednodes_exec.pm.txt id PACKETSTORM:42295 last seen 2016-12-05 published 2005-12-14 reporter Valerio Tesei source https://packetstormsecurity.com/files/42295/openview_connectednodes_exec.pm.txt.html title openview_connectednodes_exec.pm.txt data source https://packetstormsecurity.com/files/download/82362/openview_connectednodes_exec.rb.txt id PACKETSTORM:82362 last seen 2016-12-05 published 2009-10-30 reporter Valerio Tesei source https://packetstormsecurity.com/files/82362/HP-Openview-connectedNodes.ovpl-Remote-Command-Execution.html title HP Openview connectedNodes.ovpl Remote Command Execution
Saint
| bid | 14662 |
| description | HP OpenView Network Node Manager connectedNodes.ovpl command execution |
| id | net_ovconnectednodes |
| osvdb | 19057 |
| title | openview_nnm_connectednodes |
| type | remote |