CVE-2001-0552
Description
ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- cpe:2.3:a:hp:openview_network_node_manager:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_network_node_manager:6.1:*:*:*:*:*:*:*
- (no CPE) range: =6.1
- cpe:2.3:a:ibm:tivoli_netview:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_netview:6.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"The ovactiond service in HP OpenView Network Node Manager (NNM) improperly handles shell metacharacters within SNMP trap messages."
Attack vector
A remote attacker can send a specially crafted SNMP trap message containing shell metacharacters to the ovactiond service. The service then processes this message, allowing the attacker to inject and execute arbitrary commands on the affected system. This vulnerability is present in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x. [ref_id=1]
Affected code
The vulnerability resides within the ovactiond service of HP OpenView Network Node Manager (NNM). The advisory does not specify exact file paths or function names, but indicates that the handling of SNMP trap messages is the source of the flaw. [ref_id=1]
What the fix does
Hewlett-Packard released patches to address this vulnerability. Applying the appropriate patch for the specific platform and NNM version resolves the issue by properly sanitizing or validating the input within the SNMP trap messages. The advisory notes that NNM 6.2 is not vulnerable and recommends updating to this version or applying the provided patches for NNM 6.1. [ref_id=1]
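The difference between passing a trap field through a shell and passing it as a single argument can be shown with a small added illustration. This is not HP's or IBM's code: the function names, the allowlist, and the sample value are hypothetical and constructed for this example, and a POSIX system with `sh` and `echo` is assumed.

```python
import re
import subprocess

# Assumption: trap fields used in actions are host-like tokens; anything else is refused.
ALLOWED = re.compile(r"[A-Za-z0-9._:-]{1,255}")

# Constructed sample value: a shell metacharacter followed by a harmless second command.
SAMPLE = "router1; echo INJECTED"


def action_via_shell(node: str) -> str:
    """Unsafe pattern: the trap field is pasted into a line that /bin/sh parses."""
    line = "echo trap from " + node
    return subprocess.run(line, shell=True, capture_output=True, text=True).stdout


def action_via_argv(node: str) -> str:
    """Safer pattern: no shell; the field is one argv element and is never parsed."""
    argv = ["echo", "trap from", node]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def handle_trap(node: str) -> tuple[bool, str]:
    """Validate first, then run without a shell. Returns (ran, output_or_reason)."""
    if not ALLOWED.fullmatch(node):
        return False, "rejected: field contains characters outside the allowlist"
    return True, action_via_argv(node)


if __name__ == "__main__":
    print(action_via_shell(SAMPLE))  # the shell runs two commands
    print(action_via_argv(SAMPLE))   # the whole field is echoed as literal text
    print(handle_trap(SAMPLE))       # refused before any command runs
    print(handle_trap("router1"))    # accepted
```

Validation and shell-free execution are complementary: the allowlist rejects unexpected input early, and the argv form keeps any value that does get through from being interpreted as shell syntax.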
Preconditions
- input: The system must be running HP OpenView Network Node Manager (NNM) 6.1 or Tivoli Netview 5.x and 6.x. [ref_id=1]
- network: The attacker must be able to send network traffic to the vulnerable service.
Reproduction
http://www.securityfocus.com/bid/2845
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.cert.org/advisories/CA-2001-24.html (nvd; Patch, Third Party Advisory, US Government Resource)
- www.kb.cert.org/vuls/id/952171 (nvd; Patch, Third Party Advisory, US Government Resource)
- www.securityfocus.com/bid/2845 (nvd; Exploit, Patch, Vendor Advisory)
- marc.info (nvd)