CVE-2008-4559

iDEFENSE Security Advisory 2009-02-06.1

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.

HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53, permite a atacantes remotos ejecutar código de su elección a través de caracteres de consola en los campos de argumentos a los programas CGI (1) webappmon.exe o (2) OpenView5.exe NOTA: esta cuestión se encuentra parcialmente tratado en el CVE-2009-0205.

Remote exploitation of multiple command injection vulnerabilities in Hewlett-Packard Development Co. LP (HP)'s Network Node Manager, could allow an attacker to execute arbitrary code with the privileges of the affected service. Multiple command injection vulnerabilities are present in NNM CGI applications. The vulnerabilities are very similar and occur in the webappmon.exe and OpenView5.exe program. iDefense has confirmed the existence of these vulnerabilities in Network Node Manager version 7.53 for Linux. Previous versions, as well as versions for other Unix based operating systems, may also be affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-10-14 CVE Reserved
2009-02-06 CVE Published
2024-09-17 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=770	2019-10-09

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.0.1 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.0.1"		hp_ux		Affected
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.0.1 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.0.1"		linux		Affected
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.0.1 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.0.1"		solaris		Affected
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.0.1 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.0.1"		windows		Affected
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.51 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.51"		hp-ux		Affected
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.51 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.51"		linux		Affected
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.51 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.51"		solaris		Affected
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.51 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.51"		windows		Affected
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.53 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.53"		hp-ux		Affected
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.53 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.53"		linux		Affected
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.53 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.53"		solaris		Affected
Hp Search vendor "Hp"		Openview Network Node Manager Search vendor "Hp" for product "Openview Network Node Manager"				7.53 Search vendor "Hp" for product "Openview Network Node Manager" and version "7.53"		windows		Affected