Vulnerabilities > CVE-2005-2773 - Unspecified vulnerability in HP Openview Network Node Manager

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
hp
critical
nessus
exploit available
metasploit

Summary

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.

Exploit-Db

  • descriptionHP OpenView Network Node Manager <= 7.50 Remote Exploit. CVE-2005-2773. Remote exploits for multiple platform
    idEDB-ID:1188
    last seen2016-01-31
    modified2005-08-30
    published2005-08-30
    reporterLympex
    sourcehttps://www.exploit-db.com/download/1188/
    titleHP OpenView Network Node Manager <= 7.50 - Remote Exploit
  • descriptionHP Openview connectedNodes.ovpl Remote Command Execution. CVE-2005-2773. Remote exploit for linux platform
    idEDB-ID:16887
    last seen2016-02-02
    modified2010-07-03
    published2010-07-03
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16887/
    titleHP Openview connectedNodes.ovpl Remote Command Execution

Metasploit

descriptionThis module exploits an arbitrary command execution vulnerability in the HP OpenView connectedNodes.ovpl CGI application. The results of the command will be displayed to the screen.
idMSF:EXPLOIT/UNIX/WEBAPP/OPENVIEW_CONNECTEDNODES_EXEC
last seen2020-05-28
modified2017-07-24
published2007-01-05
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2773
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/openview_connectednodes_exec.rb
titleHP Openview connectedNodes.ovpl Remote Command Execution

Nessus

NASL familyCGI abuses
NASL idOPENVIEW_NNM_CMD_EXEC.NASL
descriptionThe remote version of HP OpenView Network Node Manager fails to sanitize user-supplied input to various parameters used in the
last seen2020-06-01
modified2020-06-02
plugin id19555
published2005-09-01
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/19555
titleHP OpenView Network Node Manager Multiple Scripts Remote Command Execution

Packetstorm

Saint

bid14662
descriptionHP OpenView Network Node Manager connectedNodes.ovpl command execution
idnet_ovconnectednodes
osvdb19057
titleopenview_nnm_connectednodes
typeremote