CVE-2009-3845 — HP Openview Network Node Manager vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

18.6%

top 4.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Openview Network Node Manager

Timeline

PublishedDec 10

Latest updateMay 2

Description

The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/openview_network_node_manager7.0.1, 7.51, 7.53+2

Patches

Patch: h20000.www2.hp.com ↗Patch: h20000.www2.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-g5mm-4rjp-2mg7: The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7↗2022-05-02

▶

CVEList

CVE-2009-3845: The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7↗2009-12-10

▶