CVE-2013-2347 - The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers t

CVE-2013-2347

Summary

The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.

References

Vulnerable Configurations

cpe:2.3:a:hp:storage_data_protector:6.20:-:*:*:*:hp-ux:*:*
cpe:2.3:a:hp:storage_data_protector:6.20:-:*:*:*:hp-ux:*:*
cpe:2.3:a:hp:storage_data_protector:6.20:-:*:*:*:redhat_enterprise_linux:*:*
cpe:2.3:a:hp:storage_data_protector:6.20:-:*:*:*:redhat_enterprise_linux:*:*
cpe:2.3:a:hp:storage_data_protector:6.20:-:*:*:*:solaris:*:*
cpe:2.3:a:hp:storage_data_protector:6.20:-:*:*:*:solaris:*:*
cpe:2.3:a:hp:storage_data_protector:6.20:-:*:*:*:windows_server_2003:*:*
cpe:2.3:a:hp:storage_data_protector:6.20:-:*:*:*:windows_server_2003:*:*
cpe:2.3:a:hp:storage_data_protector:6.20:-:*:*:*:windows_server_2008:*:*
cpe:2.3:a:hp:storage_data_protector:6.20:-:*:*:*:windows_server_2008:*:*
cpe:2.3:a:hp:storage_data_protector:6.21:-:*:*:*:hp-ux:*:*
cpe:2.3:a:hp:storage_data_protector:6.21:-:*:*:*:hp-ux:*:*
cpe:2.3:a:hp:storage_data_protector:6.21:-:*:*:*:redhat_enterprise_linux:*:*
cpe:2.3:a:hp:storage_data_protector:6.21:-:*:*:*:redhat_enterprise_linux:*:*
cpe:2.3:a:hp:storage_data_protector:6.21:-:*:*:*:solaris:*:*
cpe:2.3:a:hp:storage_data_protector:6.21:-:*:*:*:solaris:*:*
cpe:2.3:a:hp:storage_data_protector:6.21:-:*:*:*:windows_server_2003:*:*
cpe:2.3:a:hp:storage_data_protector:6.21:-:*:*:*:windows_server_2003:*:*
cpe:2.3:a:hp:storage_data_protector:6.21:-:*:*:*:windows_server_2008:*:*
cpe:2.3:a:hp:storage_data_protector:6.21:-:*:*:*:windows_server_2008:*:*

CVSS

Base:	10.0 (as of 09-10-2019 - 23:07)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

exploit-db	32164
hp	HPSBMU02895 SSRT101220 SSRT101253
misc	http://ddilabs.blogspot.com/2014/02/fun-with-hp-data-protector-execbar.html http://www.zerodayinitiative.com/advisories/ZDI-14-008/

saint via4

bid	64647
description	HP Data Protector Backup Client Service EXEC_BAR Packet Vulnerability
osvdb	101626
title	hp_data_protector_omniinet_exec_bar
type	remote

Last major update

09-10-2019 - 23:07

Published

04-01-2014 - 04:51

Last modified

09-10-2019 - 23:07