Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0068 — Path Traversal in HP Openview Network Node Manager

CWE-22 — Path Traversal5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

58.7%

top 1.78%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Openview Network Node Manager

Timeline

PublishedApr 16

Latest updateMay 1

Description

Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDhp/openview_network_node_manager7.51, 7.53+1

🔴Vulnerability Details

GHSA

GHSA-525w-26g2-gh87: Directory traversal vulnerability in OpenView5↗2022-05-01

▶

CVEList

CVE-2008-0068: Directory traversal vulnerability in OpenView5↗2008-04-16

▶

💥Exploits & PoCs

Exploit-DB

HP OpenView Network Node Manager (OV NNM) 7.x - 'OpenView5.exe?Action' Traversal Arbitrary File Access↗2008-04-11

▶

🔍Detection Rules

Suricata

ET WEB_SERVER HP OpenView Network Node Manager CGI Directory Traversal↗2010-07-30

▶