🚨 CRITICAL ALERT: Active Zero-Day Exploits

Threat actors are actively exploiting CVSS 9.8 and CVSS 8.8 vulnerabilities listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, enabling remote code execution on legacy systems still in use. Immediate patching or isolation is critical to prevent compromise.

Critical Vulnerabilities (CVSS >= 8.0)

  • CVE-2005-2773 (CVSS: 9.8): HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. Active exploitation confirmed with Metasploit modules available.
  • CVE-2006-2492 (CVSS: 8.8): Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Microsoft Works Suites through 2006 allows user-assisted attackers to execute arbitrary code via a malformed object pointer. Zero-day attacks reported.

⚡ Immediate Actions Required

  • Inventory systems: Immediately scan for HP OpenView Network Node Manager 6.2-7.50 and vulnerable Microsoft Office/Works versions.
  • Apply mitigations: Patch per vendor instructions or isolate/uninstall affected software. CISA mandates action due to active exploitation.
  • Network segmentation: Block external access to OVPL scripts (connectedNodes.ovpl, cdpView.ovpl, etc.) and monitor for anomalous command execution.
  • Detect & respond: Deploy IDS signatures for shell metacharacters and buffer overflow patterns. Hunt for Metasploit usage of CVE-2005-2773.
  • Report incidents: Notify CISA via the KEV process if exploitation is suspected.
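
For the "Detect & respond" item, the following is an added example (not part of the original alert or any vendor tooling) that hunts web access logs for requests to the four OVPL scripts carrying shell metacharacters in any query parameter. It assumes Common/Combined Log Format; the sample lines, IP addresses and the `/placeholder/` URL path are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script names are the four listed in the alert; only the basename is matched.
OVPL_SCRIPTS = {"connectednodes.ovpl", "cdpview.ovpl", "freeipaddrs.ovpl", "ecscmg.ovpl"}
# Characters a shell treats specially; none belong in a node name or address.
SHELL_META = set(";|&`$<>(){}\n\r\\'\"")
# Assumption: access logs are in Common/Combined Log Format.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return [(param, decoded_value)] holding shell metacharacters, OVPL requests only."""
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed request target
        return []
    script = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if script not in OVPL_SCRIPTS:
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote(value)  # second pass also catches double encoding (%253B)
        if SHELL_META & set(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return one finding per suspicious parameter, with log line number and source."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if m:
            for name, value in suspicious_params(m.group("target")):
                findings.append({"line": lineno, "src": m.group("src"),
                                 "param": name, "value": value})
    return findings

# Constructed sample lines (documentation IP ranges, placeholder URL path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /placeholder/connectedNodes.ovpl?node=core-sw1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /placeholder/connectedNodes.ovpl?node=core-sw1%3Bx HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /placeholder/cdpView.ovpl?node=a%7Cx HTTP/1.0" 200 0',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html?q=a%3Bb HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A literal, unencoded `&` inside a value is indistinguishable from a parameter separator, so unexpected extra parameter names on these scripts are worth reviewing as well.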