CVE-2009-3845

2009-12-1022:30:00

web.nvd.nist.gov

openview

nnm

cve-2009-3845

remote execution

security vulnerability

http server

perl scripts

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.029

Percentile

90.9%

JSON

The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.

Affected configurations

Nvd

Node

hpopenview_network_node_managerMatch7.0.1hp_ux

hpopenview_network_node_managerMatch7.0.1linux

hpopenview_network_node_managerMatch7.0.1solaris

hpopenview_network_node_managerMatch7.0.1windows

hpopenview_network_node_managerMatch7.51-hp-ux

hpopenview_network_node_managerMatch7.51-linux

hpopenview_network_node_managerMatch7.51-solaris

hpopenview_network_node_managerMatch7.51-windows

hpopenview_network_node_managerMatch7.53-hp-ux

hpopenview_network_node_managerMatch7.53-linux

hpopenview_network_node_managerMatch7.53-solaris

hpopenview_network_node_managerMatch7.53-windows

VendorProductVersionCPE
hpopenview_network_node_manager7.0.1cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:hp_ux:*:*:*:*:*
hpopenview_network_node_manager7.0.1cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:linux:*:*:*:*:*
hpopenview_network_node_manager7.0.1cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:solaris:*:*:*:*:*
hpopenview_network_node_manager7.0.1cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:windows:*:*:*:*:*
hpopenview_network_node_manager7.51cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*
hpopenview_network_node_manager7.51cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*
hpopenview_network_node_manager7.51cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*
hpopenview_network_node_manager7.51cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*
hpopenview_network_node_manager7.53cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*
hpopenview_network_node_manager7.53cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*

Vendor	Product	Version	CPE
hp	openview_network_node_manager	7.0.1	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::hp_ux:::::
hp	openview_network_node_manager	7.0.1	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::linux:::::
hp	openview_network_node_manager	7.0.1	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::solaris:::::
hp	openview_network_node_manager	7.0.1	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::windows:::::
hp	openview_network_node_manager	7.51	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:::::*
hp	openview_network_node_manager	7.51	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:::::*
hp	openview_network_node_manager	7.51	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:::::*
hp	openview_network_node_manager	7.51	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:::::*
hp	openview_network_node_manager	7.53	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:::::*
hp	openview_network_node_manager	7.53	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:::::*