RCE in Hp Openview_network_node_manager

CVE-2011-0271

The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.155 (94.8th percentile) — read the EPSS interpretation.

Affected products

Hp Openview_network_node_manager — versions 7.51, 7.53
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

HPSBMA02621 (x_refsource_HP, vendor-advisory)
ADV-2011-0085 (vdb-entry, x_refsource_VUPEN)
hp-opennnm-cgi-command-exec(64657) (vdb-entry, x_refsource_XF)
20110110 HP Network Node Manager Command Injection Vulnerability (x_refsource_IDEFENSE, third-party-advisory)
45762 (vdb-entry, x_refsource_BID)
1024951 (vdb-entry, x_refsource_SECTRACK)