Critical

CVE-2008-4559 - Input Validation vulnerability in HP Openview Network Node Manager

Publication: 2009-02-08
Summary

HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.

Classification
CWE-20: Input Validation

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • HP Openview Network Node Manager 7.0.1
  • HP Openview Network Node Manager 7.0.1
  • HP Openview Network Node Manager 7.0.1
  • HP Openview Network Node Manager 7.0.1
  • HP Openview Network Node Manager 7.51
  • HP Openview Network Node Manager 7.51
  • HP Openview Network Node Manager 7.51
  • HP Openview Network Node Manager 7.51
  • HP Openview Network Node Manager 7.53
  • HP Openview Network Node Manager 7.53
  • HP Openview Network Node Manager 7.53
  • HP Openview Network Node Manager 7.53