HomePentest-Tools.com Logo

HP Data Protector - Arbitrary Command Execution CVE-2016-2004

Severity
CVSSv3 Score
9.8
Vulnerability description

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade to the most recent version of HP Data Protector.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Apr 21, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available