What is CVE-2009-3845?

CVE-2009-3845 is a vulnerability in HP OpenView Network Node Manager that allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter.

What versions of HP OpenView Network Node Manager are affected by CVE-2009-3845?

The impacted versions are 7.01, 7.51, and 7.53 for various operating systems including Windows, Solaris, Linux, and HP-UX.

What is the potential impact of exploiting CVE-2009-3845?

Exploitation of CVE-2009-3845 could allow an attacker to execute arbitrary commands on the affected systems, leading to unauthorized access and control.

How can CVE-2009-3845 be mitigated?

To mitigate CVE-2009-3845, it is recommended to upgrade to a patched version of HP OpenView Network Node Manager that resolves this vulnerability.

Is there a known fix for CVE-2009-3845?

Yes, the recommended action is to update to a version of HP OpenView Network Node Manager that does not contain this vulnerability.

Vulnerability/
CVE-2009-3845

critical

CWE

NVD-CWE-Other

10/12/2009

7/8/2024

CVE-2009-3845

First published: Thu Dec 10 2009(Updated: )

The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.

Credit: hp-security-alert@hp.com

Affected Software	Affected Version	How to fix
HP OpenView Network Node Manager	=7.53
HP OpenView Network Node Manager	=7.53
HP OpenView Network Node Manager	=7.0.1
HP OpenView Network Node Manager	=7.51
HP OpenView Network Node Manager	=7.51
HP OpenView Network Node Manager	=7.0.1
HP OpenView Network Node Manager	=7.0.1
HP OpenView Network Node Manager	=7.53
HP OpenView Network Node Manager	=7.51
HP OpenView Network Node Manager	=7.53
HP OpenView Network Node Manager	=7.0.1
HP OpenView Network Node Manager	=7.51

Remedy

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2009-3845?
CVE-2009-3845 is a vulnerability in HP OpenView Network Node Manager that allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter.
What versions of HP OpenView Network Node Manager are affected by CVE-2009-3845?
The impacted versions are 7.01, 7.51, and 7.53 for various operating systems including Windows, Solaris, Linux, and HP-UX.
What is the potential impact of exploiting CVE-2009-3845?
Exploitation of CVE-2009-3845 could allow an attacker to execute arbitrary commands on the affected systems, leading to unauthorized access and control.
How can CVE-2009-3845 be mitigated?
To mitigate CVE-2009-3845, it is recommended to upgrade to a patched version of HP OpenView Network Node Manager that resolves this vulnerability.
Is there a known fix for CVE-2009-3845?
Yes, the recommended action is to update to a version of HP OpenView Network Node Manager that does not contain this vulnerability.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/last-modified-date
agent/remedy
agent/severity
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/hp
canonical/hp openview network node manager
version/hp openview network node manager/7.53
version/hp openview network node manager/7.0.1
version/hp openview network node manager/7.51