⚠ Actively exploited
Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: Apply updates per vendor instructions.

CVE-2005-2773: Command Injection in HP OpenView Network Node Manager

CWE-77: Command Injection | 7 documents | 6 sources

Severity: 9.8 CRITICAL (NVD)
EPSS: 90.3% (top 0.40%)
CISA KEV: Added 2022-03-25, due 2022-04-15
Exploit: Exploited in wild; active exploitation observed

Timeline
Published: Sep 2
KEV added: Mar 25
KEV due: Apr 15
Latest update: May 1

CISA Required Action: Apply updates per vendor instructions.

Description

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 1 package

🔴 Vulnerability Details (3)

GHSA: GHSA-xqgm-4493-f736: HP OpenView Network Node Manager 6 (2022-05-01)
CVEList: CVE-2005-2773: HP OpenView Network Node Manager 6 (2005-09-02)
VulnCheck: HP OpenView Network Node Manager Remote Code Execution Vulnerability (2005)

💥 Exploits & PoCs (2)

Exploit-DB: HP OpenView Network Node Manager (OV NNM) - 'connectedNodes.ovpl' Remote Command Execution (Metasploit) (2010-07-03)
Exploit-DB: HP OpenView Network Node Manager 7.50 - Remote Command Execution (2005-08-30)

📋 Vendor Advisories (1)

CISA: HP OpenView Network Node Manager Remote Code Execution Vulnerability (2022-03-25)