Check Point Advisories

Update Protection against a Command Execution Vulnerability in HP OpenView Node Manager

Check Point Reference: CPAI-2006-012
Date Published: 12 Feb 2006
Severity: High
Last Updated: Tuesday 08 May, 2007
Source: FrSIRT/ADV-2005-1539
Industry Reference:

CVE-2005-2773

Protection Provided by:
Who is Vulnerable? HP OpenView Network Node Manager version 6.2
HP OpenView Network Node Manager version 6.4
HP OpenView Network Node Manager version 7.01
HP OpenView Network Node Manager version 7.50
Vulnerability Description HP OpenView Network Node Manager (NNM) is a software application designed for management, maintenance and monitoring of networks and network devices. A command execution vulnerability exists in HP OpenView Network Node Manager. An attacker can exploit the vulnerability by supplying a specially crafted URL to the target system.This will result in execution of arbitrary commands in the context of the currently running Web service.
Update/Patch AvaliableApply patches:
http://support.openview.hp.com/patches/
Vulnerability DetailsThe vulnerability is due to improper validation of the "connectedNodes.ovpl" script that does not properly filter a specially crafted URI node parameter. This can be exploited by a remote attacker to execute arbitrary shell commands.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK