Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:HP-DATA-PRTCTR-OP28-11

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 HP Data Protector Opcode 28 and 11 Command Execution

Release Date

 2014/07/28

Update Number

 2403

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: HP Data Protector Opcode 28 and 11 Command Execution


An command execution vulnerability exists in Hewlett-Packard Data Protector. The vulnerability is due to the a design weakness when handling requests to port 5555. A remote attacker can exploit this vulnerability by sending crafted packets to the target service. Successful exploitation could lead to arbitrary command execution with System privileges on the target server.

Extended Description

Per: https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04373818-2%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken "HP Storage Data Protector v8.X running on Windows 2003/2008/7/8"

Affected Products

  • Hp storage_data_protector 8.0
  • Hp storage_data_protector 8.10

References

  • BugTraq: 68672
  • CVE: CVE-2014-2623
  • URL: https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04373818

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out