Published: 04/01/2014 Updated: 09/10/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote malicious users to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp storage data protector 6.21
hp storage data protector 6.20

HP Data Protector EXEC_BAR remote command execution exploit that affects versions 610, 611, and 620 ...

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::Powershell include Msf::Exploit::CmdStagerVBS def initi ...

import argparse import socket """ Exploit Title: HP Data Protector EXEC_BAR Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-2347 Date: February 14, 2014 Vendor Homepage: wwwhpcom Version: 610, 611, 620 Tested On: Windows Server 2003, Windows Server 2008 R2 References: h20566www2hpcom/portal/site/ ...

NVD-CWE-noinfo http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422 http://www.exploit-db.com/exploits/32164 http://ddilabs.blogspot.com/2014/02/fun-with-hp-data-protector-execbar.html http://www.zerodayinitiative.com/advisories/ZDI-14-008/https://nvd.nist.gov https://packetstormsecurity.com/files/125246/HP-Data-Protector-EXEC_BAR-Remote-Command-Execution.html https://www.exploit-db.com/exploits/32164/

CVE-2013-2347

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect