iDefense Security Advisory 01.10.11 - Remote exploitation of a command injection vulnerability in Hewlett-Packard Development Co. LP (HP)'s Network Node Manager could allow an attacker to execute arbitrary commands with the privileges of the affected service. The vulnerability exists within CGI scripts provided with the NNM HTTP Server. These scripts do not effectively sanitize a particular parameter. It is possible for an attacker to supply a parameter containing a specially crafted command line string. The command line string will be executed on the affected NNM HTTP Server.
f5153b8e449537f0d6fc7c75cff355f01a92d7f35341bab532d9ce10312394bf