HP OpenView Client Configuration Manager up to 2.0 Radia Notify Daemon denial of service
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.5 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, was found in HP OpenView Client Configuration Manager up to 2.0. This vulnerability affects unknown code of the component Radia Notify Daemon. The manipulation results in denial of service. This vulnerability is identified as CVE-2006-5782. Additionally, an exploit exists. You should upgrade the affected component.
Details
A vulnerability, which was classified as critical, was found in HP OpenView Client Configuration Manager up to 2.0 (Network Management Software). Affected is some unknown functionality of the component Radia Notify Daemon. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. CVE summarizes:
radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not require authentication before executing commands in the installation directory, which allows remote attackers to cause a denial of service (reboot) by calling radbootw.exe or create arbitrary files by calling radcrecv.
The bug was discovered 11/08/2006. The weakness was released 11/10/2006 by Pedram Amini with TippingPoint (Website). The advisory is shared for download at tippingpoint.com. This vulnerability is traded as CVE-2006-5782 since 11/07/2006. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details are unknown but an exploit is available.
The exploit is shared for download at tippingpoint.com. It is declared as proof-of-concept.
Upgrading to version 2.0 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at itrc.hp.com. The best possible mitigation is suggested to be upgrading to the latest version. Attack attempts may be identified with Snort ID 15998. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 9038.
The vulnerability is also documented in the databases at X-Force (30138), SecurityFocus (BID 20971†), OSVDB (30273†), Secunia (SA22780†) and SecurityTracker (ID 1017197†). Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.hp.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 6.5
VulDB Base Score: 7.5
VulDB Temp Score: 6.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: OpenView Client Configuration Manager 2.0
Patch: itrc.hp.com
Snort ID: 15998
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
11/07/2006 🔍11/08/2006 🔍
11/08/2006 🔍
11/08/2006 🔍
11/08/2006 🔍
11/08/2006 🔍
11/10/2006 🔍
11/10/2006 🔍
11/10/2006 🔍
11/13/2006 🔍
11/14/2006 🔍
04/27/2026 🔍
Sources
Vendor: hp.comAdvisory: tippingpoint.com
Researcher: Pedram Amini
Organization: TippingPoint
Status: Confirmed
CVE: CVE-2006-5782 (🔍)
GCVE (CVE): GCVE-0-2006-5782
GCVE (VulDB): GCVE-100-2676
X-Force: 30138 - HP OpenView Client Configuration Manager (CCM) radexecd.exe unauthorized access, High Risk
SecurityFocus: 20971 - HP OpenView Client Configuration Manager Remote Authentication Bypass Vulnerability
Secunia: 22780 - HP OpenView Client Configuration Manager Command Execution, Moderately Critical
OSVDB: 30273 - HP OpenView Client Configuration Manager (CCM) radexecd.exe Arbitrary Command Execution
SecurityTracker: 1017197
Vulnerability Center: 13094 - HP OpenView Client Configuration Manager (CCM) radexec.d Does Not Require Authentication, High
Vupen: ADV-2006-4410
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 11/13/2006 11:55Updated: 04/27/2026 03:02
Changes: 11/13/2006 11:55 (92), 07/10/2019 18:09 (3), 04/27/2026 03:02 (19)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.