Vulnerability Details : CVE-2011-0923
Public exploit exists!
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
Vulnerability category: Input validation
Products affected by CVE-2011-0923
- cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0923
97.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-0923
-
HP Data Protector 6.1 EXEC_CMD Command Execution
Disclosure Date: 2011-02-07First seen: 2020-04-26auxiliary/admin/hp/hp_data_protector_cmdThis module exploits HP Data Protector's omniinet process, specifically against a Windows setup. When an EXEC_CMD packet is sent, omniinet.exe will attempt to look for that user-supplied filename with kernel32!FindFirstFileW(). If the file is found, the pro -
HP Data Protector 6 EXEC_CMD Remote Code Execution
Disclosure Date: 2011-02-07First seen: 2020-04-26exploit/linux/misc/hp_data_protector_cmd_execThis exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root. Au
CVSS scores for CVE-2011-0923
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-0923
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0923
-
http://securityreason.com/securityalert/8261
HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055) - CXSecurity.com
-
http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp
Threat Intelligence | Digital Vaccine® | ThreatLinQ | Trend Micro
-
http://securityreason.com/securityalert/8329
HP Data Protector Remote Shell for HP-UX - CXSecurity.com
-
http://www.securityfocus.com/bid/46234
HP OpenView Storage Data Protector Multiple Remote Code Execution Vulnerabilities
-
http://securityreason.com/securityalert/8323
HP Data Protector Remote Shell for HPUX - CXSecurity.com
-
http://zerodayinitiative.com/advisories/ZDI-11-055/
ZDI-11-055 | Zero Day Initiative
-
http://www.vupen.com/english/advisories/2011/0308
Webmail | OVH- OVHVendor Advisory
-
http://marc.info/?l=bugtraq&m=130391284726795&w=2
'[security bulletin] HPSBMA02654 SSRT100441 rev.1 - HP OpenView Storage Data Protector, Remote Execut' - MARC
Jump to