Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:D9F10AD444F90B3A806BF1ACE5545160
HistoryFeb 10, 2015 - 12:00 a.m.

HP Data Protector Unauthenticated Remote Code Execution

2015-02-1000:00:00
SAINT Corporation
my.saintcorporation.com
33

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.523

Percentile

97.6%

JSON

Added: 02/10/2015
CVE: CVE-2014-2623
BID: 68672
OSVDB: 109069

Background

HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP.

Problem

HP Data Protector is vulnerable to remote unauthenticated arbitrary command execution when processing specially crafted commands received on port 5555/TCP.

Resolution

Enable Encrypted Control Communications (ECC) services on the cell server and all of the clients in cell as described in HP Security Bulletin HPSBMU03072.

References

<https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04373818&gt;

Limitations

Exploit works on HP Data Protector 8.x on IA64 HP Server Rx3600.

Related

saint 7
exploitdb 4
prion 2
seebug 1
securityvulns 2
exploitpack 2
zdt 3
nvd 2
metasploit 1
cvelist 2
packetstorm 1
threatpost 1
cve 2
checkpoint_advisories 1
openvas 1
saint
saint
HP Data Protector Windows Unauthenticated Remote Code Execution
2015-02-18 00:00:00
HP Data Protector Unauthenticated Remote Code Execution
2015-02-10 00:00:00
HP Data Protector Windows Unauthenticated Remote Code Execution
2015-02-18 00:00:00
exploitdb
exploitdb
HP Data Protector 8.x - Remote Command Execution
2015-01-30 00:00:00
HP Data Protector Manager 8.10 - Remote Command Execution
2014-07-14 00:00:00
HP Data Protector 8.10 - Remote Command Execution (Metasploit)
2015-03-06 00:00:00
prion
prion
Code injection
2014-07-18 00:55:00
Authentication flaw
2016-04-21 11:00:00
seebug
seebug
HP Data Protector 8.x - Remote Command Execution
2015-09-17 00:00:00
securityvulns
securityvulns
[security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code
2014-07-21 00:00:00
HP Storage Data Protector code execution
2014-07-21 00:00:00
exploitpack
exploitpack
HP Data Protector 8.x - Remote Command Execution
2015-01-30 00:00:00
HP Data Protector A.09.00 - Arbitrary Command Execution
2016-05-26 00:00:00
zdt
zdt
HP Data Protector 8.10 Remote Command Execution Exploit
2015-03-07 00:00:00
HP Data Protector 8.x - Remote Command Execution Exploit
2010-01-16 00:00:00
HP Data Protector A.09.00 - Arbitrary Command Execution
2016-05-26 00:00:00
nvd
nvd
CVE-2014-2623
2014-07-18 00:55:04
CVE-2016-2004
2016-04-21 11:00:04
metasploit
metasploit
HP Data Protector 8.10 Remote Command Execution
2015-03-04 19:01:06
cvelist
cvelist
CVE-2014-2623
2014-07-18 01:00:00
CVE-2016-2004
2016-04-21 10:00:00
packetstorm
packetstorm
HP Data Protector 8.10 Remote Command Execution
2015-03-05 00:00:00
threatpost
threatpost
Operation Prowli Profits On Weak IoT Devices, Servers
2018-06-07 17:06:55
cve
cve
CVE-2014-2623
2014-07-18 01:00:00
CVE-2016-2004
2016-04-21 11:00:04
checkpoint_advisories
checkpoint_advisories
HP Data Protector Opcode 28 and 11 Command Execution (CVE-2013-2347; CVE-2014-2623)
2014-08-06 00:00:00
openvas
openvas
HP (OpenView Storage) Data Protector Multiple Vulnerabilities
2014-02-18 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.523

Percentile

97.6%

JSON
Related for SAINT:D9F10AD444F90B3A806BF1ACE5545160
saint7exploitdb4prion2seebug1securityvulns2exploitpack2zdt3nvd2metasploit1cvelist2packetstorm1threatpost1cve2checkpoint_advisories1openvas1