Executive Summary
| Summary | |
|---|---|
| Title | HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code |
| Informations | |||
|---|---|---|---|
| Name | HPSBMA02654 SSRT100441 | First vendor Publication | 2011-04-25 |
| Vendor | HP | Last vendor Modification | 2011-04-25 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Potential security vulnerabilities has been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. |
Original Source
| Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02781143 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
SAINT Exploits
| Description | Link |
|---|---|
| HP Data Protector Client EXEC_CMD Command Execution | More info here |
| HP Data Protector Client agent EXEC_SETUP code execution | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2013-08-07 | HP Data Protector Arbitrary Remote Command Execution |
| 2013-08-02 | HP Data Protector CMD Install Service Vulnerability (msf) |
| 2012-06-19 | HP Data Protector Client EXEC_CMD Remote Code Execution |
| 2011-08-10 | HP Data Protector Remote Root Shell for Linux |
| 2011-08-05 | HP Data Protector Remote Shell for HP-UX |
| 2011-05-29 | HP Data Protector Client EXEC_SETUP Remote Code Execution PoC (ZDI-11-056) |
| 2011-05-28 | HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055) |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-06-13 | Name : HP Data Protector Client 'EXEC_CMD' Remote Code Execution Vulnerability File : nvt/gb_hp_data_protector_exec_cmd_code_exec_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 72527 | HP Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution |
| 72526 | HP Data Protector Client EXEC_CMD Perl Interpreter Crafted Input Remote Code ... |
| 72525 | HP Data Protector Client EXEC_SETUP Arbitrary Setup File Invocation Remote Co... |
| 72524 | HP Data Protector Cell Manager Service (crs.exe) Unspecified Authentication B... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-08-31 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 50829 - Revision : 1 - Type : SERVER-OTHER |
| 2019-08-31 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 50828 - Revision : 1 - Type : SERVER-OTHER |
| 2019-05-23 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 49893 - Revision : 2 - Type : SERVER-OTHER |
| 2019-05-23 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 49892 - Revision : 1 - Type : SERVER-OTHER |
| 2019-05-23 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 49891 - Revision : 1 - Type : SERVER-OTHER |
| 2019-05-23 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 49890 - Revision : 2 - Type : SERVER-OTHER |
| 2016-08-09 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 39453 - Revision : 2 - Type : SERVER-OTHER |
| 2016-03-15 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 37667 - Revision : 2 - Type : SERVER-OTHER |
| 2016-03-15 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 37666 - Revision : 2 - Type : SERVER-OTHER |
| 2016-03-14 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 36159 - Revision : 4 - Type : SERVER-OTHER |
| 2016-03-14 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 36158 - Revision : 4 - Type : SERVER-OTHER |
| 2014-03-15 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 29801 - Revision : 8 - Type : SERVER-OTHER |
| 2014-03-08 | HP OpenView Storage Data Protector buffer overflow attempt RuleID : 29630 - Revision : 6 - Type : SERVER-OTHER |
| 2014-03-06 | HP OpenView Storage Data Protector buffer overflow attempt RuleID : 29603 - Revision : 6 - Type : SERVER-OTHER |
| 2014-03-06 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 29518 - Revision : 10 - Type : SERVER-OTHER |
| 2014-01-10 | HP Data Protector client EXEC_CMD command execution attempt RuleID : 24223 - Revision : 7 - Type : SERVER-OTHER |
| 2014-01-10 | HP Data Protector client EXEC_CMD command execution attempt RuleID : 24222 - Revision : 7 - Type : SERVER-OTHER |
| 2014-01-10 | HP Data Protector client EXEC_CMD command execution attempt RuleID : 24221 - Revision : 6 - Type : SERVER-OTHER |
| 2014-01-10 | HP Data Protector Backup Client Service code execution attempt RuleID : 18754 - Revision : 9 - Type : SERVER-OTHER |
