HP OpenView Network Node Manager Multiple Scripts Remote Command Execution

high Nessus Plugin ID 19555

Synopsis

The remote web server contains a CGI script that allows execution of arbitrary commands.

Description

The remote version of HP OpenView Network Node Manager fails to sanitize user-supplied input to various parameters used in the 'cdpView.ovpl', 'connectedNotes.ovpl', 'ecscmg.ovpl', and 'freeIPaddrs.ovpl' scripts before using it to run a command. By leveraging these flaws, an unauthenticated attacker may be able to execute arbitrary commands on the remote host within the context of the affected web server userid.

Solution

Apply the appropriate patch referenced in the vendor's advisory above.

See Also

https://www.securityfocus.com/archive/1/409179

https://www.securityfocus.com/archive/1/409196

http://www.securityfocus.com/advisories/9150

http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=c00604164

Plugin Details

Severity: High

ID: 19555

File Name: openview_nnm_cmd_exec.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 9/1/2005

Updated: 4/25/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2005-2773

Vulnerability Information

CPE: cpe:/a:hp:openview_network_node_manager

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 8/25/2005

CISA Known Exploited Vulnerability Due Dates: 4/15/2022

Exploitable With

Metasploit (HP Openview connectedNodes.ovpl Remote Command Execution)

Reference Information

CVE: CVE-2005-2773

BID: 14662, 14737