HP Data Protector Remote Command Execution
Critical Nessus Plugin ID 53641
SynopsisThe remote service allows remote execution of arbitrary commands without authentication.
DescriptionThe remote HP Data Protector client or server service is affected by a command execution vulnerability. A malicious user can send a specially crafted packet that causes this service to execute an arbitrary shell command with system privileges.
Solution1. Upgrade to Data Protector A.06.20 or later and
2. Enable encrypted control communication services on cell server and all clients in cell.