Remote Command Execution Vulnerability in HP Storage Data Protector 6.2X
CVE-2013-2347

Currently unrated

Key Information:

Vendor: HP
Status: Storage Data Protector
Vendor: CVE Published:; 4 January 2014

Summary

The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X is susceptible to exploitation by remote attackers. By sending a specially crafted EXEC_BAR packet to TCP port 5555, these attackers can execute arbitrary commands, potentially compromising system integrity or availability. This vulnerability underscores the importance of securing network services and monitoring for unusual traffic patterns.

References

http://www.exploit-db.com/exploits/32164

exploitx_refsource_EXPLOIT-DB

http://ddilabs.blogspot.com/2014/02/fun-with-hp-data-prot...

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-14-008/

x_refsource_MISC

EPSS Score

69% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 4, 2014
Vulnerability Reserved
Mar 4, 2013