This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: A Remote Command Execution flaw in HP OpenView Network Node Manager (OV NNM). <br>π₯ **Consequences**: Attackers can inject shell metacharacters to execute arbitrary commands on the server.β¦
π‘οΈ **Root Cause**: Lack of Input Validation. <br>π **Flaw**: The application fails to sanitize user inputs in specific `.ovpl` files. It directly passes untrusted data to the OS shell, allowing command injection.
Q3Who is affected? (Versions/Components)
π¦ **Affected Versions**: HP OpenView Network Node Manager (OV NNM) versions **6.2 through 7.50**. <br>π’ **Component**: The web interface handling specific management scripts.
Q4What can hackers do? (Privileges/Data)
π **Attacker Actions**: Execute **arbitrary system commands** with the privileges of the NNM service account.β¦
βοΈ **Exploitation Threshold**: **Low**. <br>π **Auth**: Likely requires network access to the NNM web interface. <br>βοΈ **Config**: No complex setup needed; just send crafted requests to specific endpoints.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π’ **Public Exploit**: **Yes**. <br>π **Evidence**: References from Secunia (16555), Bugtraq, and HP Security Advisory (HPSBMA01224) confirm public disclosure and known exploitation vectors.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for the following vulnerable endpoints: <br>1. `connectedNodes.ovpl` <br>2. `cdpView.ovpl` <br>3. `freeIPaddrs.ovpl` <br>4. `ecscmg.ovpl` <br>π Look for unpatched NNM versions 6.2-7.50.
π₯ **Urgency**: **Critical**. <br>β° **Priority**: Immediate patching required. Since it allows remote command execution without complex prerequisites, it is a high-priority target for attackers.