Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdi[email protected]ZDI-14-263
HistoryJul 23, 2014 - 12:00 a.m.

(0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 1091 Directory Traversal Arbitrary File Write Vulnerability

2014-07-2300:00:00
[email protected]
www.zerodayinitiative.com
12

EPSS

0.957

Percentile

99.4%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random TCP port. When parsing opcode 1091, the process is vulnerable to directory traversal leading to creation of an arbitrary file . A remote attacker can chain this with another vulnerability to execute remote code under the context of the user running Data Protector.

Related

cve 1
cvelist 1
checkpoint_advisories 2
zdi 1
nvd 1
prion 1
cve
cve
CVE-2014-5160
2014-08-01 11:13:09
cvelist
cvelist
CVE-2014-5160
2014-08-01 10:00:00
checkpoint_advisories
checkpoint_advisories
HP Data Protector Opcode 305 Directory Traversal (CVE-2014-5160)
2014-10-13 00:00:00
HP Data Protector Opcode 1091 Directory Traversal (CVE-2014-5160)
2014-10-06 00:00:00
zdi
zdi
(0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 305 Directory Traversal Arbitrary File Creation Vulnerability
2014-07-23 00:00:00
nvd
nvd
CVE-2014-5160
2014-08-01 11:13:09
prion
prion
Directory traversal
2014-08-01 11:13:00

EPSS

0.957

Percentile

99.4%

JSON
Related for ZDI-14-263
cve1cvelist1checkpoint_advisories2zdi1nvd1prion1