CVE-2011-0923 : The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute

The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

Published 2011-02-09 01:00:10

Updated 2016-08-23 02:03:36

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validation

Exploit prediction scoring system (EPSS) score for CVE-2011-0923

Probability of exploitation activity in the next 30 days: 97.23%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2011-0923

HP Data Protector 6.1 EXEC_CMD Command Execution

Disclosure Date: 2011-02-07

First seen: 2020-04-26

auxiliary/admin/hp/hp_data_protector_cmd

This module exploits HP Data Protector's omniinet process, specifically against a Windows setup. When an EXEC_CMD packet is sent, omniinet.exe will attempt to look for that user-supplied filename with kernel32!FindFirstFileW(). If the file is found, the pro

More information
HP Data Protector 6 EXEC_CMD Remote Code Execution

Disclosure Date: 2011-02-07

First seen: 2020-04-26

exploit/linux/misc/hp_data_protector_cmd_exec

This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root. Au

More information

CVSS scores for CVE-2011-0923

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-0923

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-0923

http://securityreason.com/securityalert/8261

HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055) - CXSecurity.com
http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp

Threat Intelligence | Digital Vaccine® | ThreatLinQ | Trend Micro

CVEs referencing this url
http://securityreason.com/securityalert/8329

HP Data Protector Remote Shell for HP-UX - CXSecurity.com
http://www.securityfocus.com/bid/46234

HP OpenView Storage Data Protector Multiple Remote Code Execution Vulnerabilities

CVEs referencing this url
http://securityreason.com/securityalert/8323

HP Data Protector Remote Shell for HPUX - CXSecurity.com
http://zerodayinitiative.com/advisories/ZDI-11-055/

ZDI-11-055 | Zero Day Initiative
http://www.vupen.com/english/advisories/2011/0308

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=130391284726795&w=2

'[security bulletin] HPSBMA02654 SSRT100441 rev.1 - HP OpenView Storage Data Protector, Remote Execut' - MARC

CVEs referencing this url

Products affected by CVE-2011-0923

HP » Data Protector
cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-0923