Vulnerability Details : CVE-2014-2623
Public exploit exists!
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2014-2623
Probability of exploitation activity in the next 30 days: 52.18%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2014-2623
-
HP Data Protector 8.10 Remote Command Execution
Disclosure Date: 2014-11-02First seen: 2020-04-26exploit/windows/misc/hp_dataprotector_cmd_execThis module exploits a remote command execution on HP Data Protector 8.10. Arbitrary commands can be executed by sending crafted requests with opcode 28 to the OmniInet service listening on the TCP/5555 port. Since there is a strict length limitation on the command,
CVSS scores for CVE-2014-2623
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2014-2623
-
http://www.exploit-db.com/exploits/34066/
HP Data Protector Manager 8.10 - Remote Command Execution - Windows remote ExploitExploit;Third Party Advisory;VDB Entry
-
http://www.exploit-db.com/exploits/36304
HP Data Protector 8.10 - Remote Command Execution (Metasploit) - Windows remote ExploitExploit;Third Party Advisory;VDB Entry
-
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04373818
HP Support for Technical Help and Troubleshooting | HP® Customer Service.Not Applicable
-
http://www.exploit-db.com/exploits/35961
HP Data Protector 8.x - Remote Command Execution - HP-UX remote ExploitExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/130658/HP-Data-Protector-8.10-Remote-Command-Execution.html
HP Data Protector 8.10 Remote Command Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1030583
HP Data Protector Unspecified Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker
Products affected by CVE-2014-2623
- cpe:2.3:a:hp:storage_data_protector:8.0:-:*:*:*:windows_8:*:*
- cpe:2.3:a:hp:storage_data_protector:8.10:-:*:*:*:windows_server_2008:*:*
- cpe:2.3:a:hp:storage_data_protector:8.10:-:*:*:*:windows_server_2003:*:*
- cpe:2.3:a:hp:storage_data_protector:8.0:-:*:*:*:windows_server_2008:*:*
- cpe:2.3:a:hp:storage_data_protector:8.0:-:*:*:*:windows_server_2003:*:*
- cpe:2.3:a:hp:storage_data_protector:8.0:-:*:*:*:windows_7:*:*
- cpe:2.3:a:hp:storage_data_protector:8.10:-:*:*:*:windows_7:*:*
- cpe:2.3:a:hp:storage_data_protector:8.10:-:*:*:*:windows_8:*:*