Remote Command Execution Vulnerability in HP Storage Data Protector 6.2X
CVE-2013-2347

Currently unrated

Key Information:

Vendor: HP
Status: Storage Data Protector
Vendor: CVE Published:; 4 January 2014

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 76%

What is CVE-2013-2347?

The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X is susceptible to exploitation by remote attackers. By sending a specially crafted EXEC_BAR packet to TCP port 5555, these attackers can execute arbitrary commands, potentially compromising system integrity or availability. This vulnerability underscores the importance of securing network services and monitoring for unusual traffic patterns.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-2347 - Proof of Concept

References

http://www.exploit-db.com/exploits/32164

exploitx_refsource_EXPLOIT-DB

http://ddilabs.blogspot.com/2014/02/fun-with-hp-data-prot...

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-14-008/

x_refsource_MISC

EPSS Score

76% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 4, 2014
👾
Exploit known to exist
Jan 4, 2014
Vulnerability published
Jan 4, 2014
Vulnerability Reserved
Mar 4, 2013

CVE-2013-2347 Data

JSON