10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.755 High
EPSS
Percentile
98.1%
Added: 01/28/2014
CVE: CVE-2013-6194
BID: 64647
OSVDB: 101630
HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments.
A vulnerability in the Backup Client Service (OmniInet.exe) allows remote, unauthenticated attackers to write files to arbitrary locations by sending an opcode 42 request containing a directory traversal attack. This can be leveraged to execute arbitrary commands with SYSTEM privileges.
Apply the patch referenced in HPSBMU02895 SSRT101253.
<http://www.zerodayinitiative.com/advisories/ZDI-14-003/>
Exploit works on HP Data Protector 6.20 on Windows Server 2003 SP2 and Windows XP SP3.
Windows