HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHP Openview Network Node Manager
APPHp6.2 – 7.50
CISA KEV — detailsi
- Vendori
- Hewlett Packard (HP)
- Producti
- OpenView Network Node Manager
- Added to KEVi
- March 25, 2022
- Remediation deadline (US Federal)i
- April 15, 2022(overdue)
Apply updates per vendor instructions.
HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.
Related vulnerabilities
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers t...
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers t...
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers t...
Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node ...
Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV ...