Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3277HP Hp-ux vulnerability

4 documents4 sources
Severity
10.0CRITICALNVD
CNA4.6
EPSS
31.7%
top 3.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Hp-ux
Timeline
PublishedOct 21
Latest updateMay 1

Description

The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDhp/hp-ux10.20, 11.00, 11.11+2

🔴Vulnerability Details

2
GHSA
GHSA-wfp6-64v9-pqm2: The LPD service in HP-UX 102022-05-01
CVEList
CVE-2005-3277: The LPD service in HP-UX 102005-10-21

💥Exploits & PoCs

1
Exploit-DB
HP-UX 11.11 - lpd Remote Command Execution (Metasploit)2005-10-19
CVE-2005-3277 — HP Hp-ux vulnerability | cvebase