Lucene search

[email protected]CVE-2014-5160

HistoryAug 01, 2014 - 11:13 a.m.

CVE-2014-5160

2014-08-0111:13:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-5160

directory traversal

crs.exe

cell request service

hp data protector

remote attackers

arbitrary files

opcode-1091

opcode-305

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.96 High

EPSS

Percentile

99.5%

JSON

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.

CPENameOperatorVersion
hp:data_protectorhp data protectoreq6.11
hp:data_protectorhp data protectoreq6.10

CPE	Name	Operator	Version
hp:data_protector	hp data protector	eq	6.11
hp:data_protector	hp data protector	eq	6.10

References

zerodayinitiative.com/advisories/ZDI-14-262/

zerodayinitiative.com/advisories/ZDI-14-263/

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.96 High

EPSS

Percentile

99.5%

JSON

Related for CVE-2014-5160

cvelist1 checkpoint_advisories2 zdi2 prion1