CVE-2005-2773
Summary
| CVE | CVE-2005-2773 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-09-02 23:03:00 UTC |
| Updated | 2026-04-16 14:03:02 UTC |
| Description | HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.898220000 probability, percentile 0.995740000 (date 2026-04-23)
CISA KEV: Listed on 2022-03-25; due 2022-04-15; ransomware use Unknown
Problem Types: CWE-77 | n/a | CWE-77 CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | ADP | DECLARED | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
CISA Known Exploited Vulnerability
| Vendor | Hewlett Packard (HP) |
|---|---|
| Product | OpenView Network Node Manager |
| Name | HP OpenView Network Node Manager Remote Code Execution Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2005-2773 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hp | Openview Network Node Manager | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | Third Party Advisory |
| HP OpenView Network Node Manager Multiple Remote Command Execution Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Broken Link |
| www.cisa.gov/known-exploited-vulnerabilities-catalog | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | www.cisa.gov | US Government Resource |
| Secunia - Advisories - HP Openview Network Node Manager Arbitrary Command Execution | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable |
| Advisory: SSRT051023 rev.0 - HP Openview Network Node Manager (OV NNM) Remote Unauthorized Access | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Broken Link |
| 'Portcullis Security Advisory 05-014 HP Openview Remote Command' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Exploit, Issue Tracking, Mailing List |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2022-03-25T00:00:00.000Z | CVE-2005-2773 added to CISA KEV |
There are currently no legacy QID mappings associated with this CVE.