New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 7.4
SynopsisThe backup service running on the remote host is affected by multiple vulnerabilities.
DescriptionAccording to its version and build number, the HP Data Protector application running on the remote host is affected by the following vulnerabilities :
- Multiple buffer overflow conditions exist in the Backup Client Service (OmniInet.exe) that allow an unauthenticated, remote attacker to execute arbitrary code on the affected host as a privileged user. Note that these issues only affect HP Data Protector installations running on Windows. (CVE-2011-1728, CVE-2011-1729, CVE-2011-1730, CVE-2011-1731, CVE-2011-1732, CVE-2011-1733, CVE-2011-1734, CVE-2011-1735)
- A directory traversal vulnerability exists in the Backup Client Service (OmniInet.exe) that allows an unauthenticated, remote attacker to view the contents of arbitrary files on the affected host. Note that this issue only affects HP Data Protector installations running on Windows. (CVE-2011-1736)
- A flaw exists in the Media Management Daemon (mmd) that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2011-2399)
SolutionApply the relevant patches referenced in the HP advisories.
Alternatively, enable the encrypted control communication services.