CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.4%
Added: 03/21/2014
CVE: CVE-2013-2347
BID: 64647
OSVDB: 101626
HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. HP Data Protectorโs Backup Client Service (OmniInet.exe) listens on TCP port 5555 for communications between managed systems.
HP Data Protector is vulnerable to remote code execution due to the Backup Client Service (OmniInet.exe) service not properly sanitizing user-supplied input. By sending a specially crafted EXEC_BAR packet, a remote attacker could execute arbitrary commands in the context of the SYSTEM user.
Apply patches as described in HP Security Bulletin HPSBMU02895 SSRT101253.
<http://www.zerodayinitiative.com/advisories/ZDI-14-008/>
Exploit works on HP Data Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2.
Windows