virus logo Intrusion Prevention

HP.OpenView.NNM.Perl.CGI.Command.Injection

description-logoDescription

This indicates an attack attempt against a remote command execution vulnerability in Hewlett-Packard OpenView Network Node Manager.
A vulnerability has been reported in Hewlett-Packard OpenView Network Node Manager that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the hostname parameter value that is passed to "setMon.ovpl". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST request.

affected-products-logoAffected Products

HP OpenView Network Node Manager 7.50 Windows 2000/XP
HP OpenView Network Node Manager 7.50 Solaris
HP OpenView Network Node Manager 7.50 Linux
HP OpenView Network Node Manager 7.50 HP-UX 11.X
HP OpenView Network Node Manager 7.50
HP OpenView Network Node Manager 7.53
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.50
HP OpenView Network Node Manager 7.01

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for suggested workaround.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.zerodayinitiative.com/advisories/ZDI-09-094/
ID 18039
Created Dec 29, 2009
Updated Jan 13, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2009-3845
Exploit Prediction Score 2.92%
Default Action drop
Active
Affected OS Windows, Linux, Solaris, Other
Affected App HP