HP Data Protector 8.x < 8.17 / 9.x < 9.09 Multiple Vulnerabilities (HPSBGN03732)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The version of HP Data Protector installed on the remote host is
8.x prior to 8.17, or 9.x prior to 9.09. It
is, therefore, affected by the following vulnerabilities :

- HPE Data Protector contains an unspecified overflow
condition that is triggered as certain input is not
properly validated. This may allow a remote attacker
to cause a stack-based buffer overflow, resulting in
a denial of service or potentially allowing the
execution of arbitrary code. (CVE-2017-5807)

- HPE Data Protector contains an unspecified flaw that
may allow a remote attacker to cause a denial of
service. No further details have been provided by
the vendor. (CVE-2017-5808)

- HPE Data Protector contains an unspecified flaw related
to improper permissions. This may allow a local attacker
to disclose sensitive information. No further details
have been provided by the vendor. (CVE-2017-5809)

See also :

http://www.nessus.org/u?a0f34ed3

Solution :

Upgrade to HP Data Protector 8.17 / 9.09 or later per the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

Family: Misc.

Nessus Plugin ID: 102431 ()

Bugtraq ID:

CVE ID: CVE-2017-5807
CVE-2017-5808
CVE-2017-5809

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now