CVE-2005-2773

CRITICAL KEV

HP OpenView Network Node Manager <7.50 - RCE

Title source: llm

Description

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/16887
exploitdb WORKING POC VERIFIED
by Lympex · cremotemultiple
https://www.exploit-db.com/exploits/1188
metasploit WORKING POC EXCELLENT
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/openview_connectednodes_exec.rb

References (6)

Scores

CVSS v3 9.8
EPSS 0.8982
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25
VulnCheck KEV 2020-12-01
InTheWild.io 2022-03-25
ENISA EUVD EUVD-2005-2774
CWE
CWE-77
Status published
Products (1)
hp/openview_network_node_manager 6.2 - 7.50
Published Sep 02, 2005
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026