CVE-2005-2773

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/14662
http://secunia.com/advisories/16555/
http://www.securityfocus.com/advisories/9150
http://marc.info/?l=bugtraq&m=112499121725662&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/21999

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:openview_network_node_manager:6.31:::::::*
	cpe:2.3:a:hp:openview_network_node_manager:6.31::nt_4.x_windows_2000:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.50:::::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.50::solaris:::::
	cpe:2.3:a:hp:openview_network_node_manager:6.4:::::::*
	cpe:2.3:a:hp:openview_network_node_manager:6.4::nt_4.x_windows_2000:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.50::windows_2000_xp:::::
	cpe:2.3:a:hp:openview_network_node_manager:6.10:::::::*
	cpe:2.3:a:hp:openview_network_node_manager:6.2:::::::*
	cpe:2.3:a:hp:openview_network_node_manager:6.4::solaris:::::
	cpe:2.3:a:hp:openview_network_node_manager:6.41:::::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::windows_2000_xp:::::
	cpe:2.3:a:hp:openview_network_node_manager:6.2::nt_4.x_windows_2000:::::
	cpe:2.3:a:hp:openview_network_node_manager:6.2::solaris:::::
	cpe:2.3:a:hp:openview_network_node_manager:6.41::solaris:::::

Information

Published : 2005-09-02 16:03

Updated : 2017-07-10 18:32

NVD link : CVE-2005-2773

Mitre link : CVE-2005-2773

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

hp

openview_network_node_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/14662", "name": "14662", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/16555/", "name": "16555", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/advisories/9150", "name": "SSRT051023", "tags": [], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=112499121725662&w=2", "name": "20050825 Portcullis Security Advisory 05-014 HP Openview Remote Command", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21999", "name": "hp-openview-node-manager-command-execution(21999)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-2773", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-09-02T23:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:6.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:6.31:*:nt_4.x_windows_2000:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.50:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:nt_4.x_windows_2000:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.50:*:windows_2000_xp:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:6.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:6.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:windows_2000_xp:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:nt_4.x_windows_2000:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:openview_network_node_manager:6.41:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}