HP Data Protector <= A.06.20 Multiple Vulnerabilities (credentialed check)

Critical Nessus Plugin ID 55551

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.4


The remote Windows host has an application that is affected by multiple vulnerabilities.


The version of HP Data Protector installed on the remote Windows host is affected by one or more of the following vulnerabilities :

- Multiple denial of service vulnerabilities exist in the 'data protect inet' service. (CVE-2011-1514, CVE-2011-1515)

- A buffer overflow vulnerability exists in the 'data protector inet' service that can be exploited via EXEC_CMD. (CVE-2011-1864)

- A buffer overflow vulnerability exists in the inet service that could result in code execution via a request containing crafted parameters. (CVE-2011-1865)


1. Upgrade to Data Protector A.06.20 or later and

2. Enable encrypted control communication services on cell server and all clients in cell.

See Also




Plugin Details

Severity: Critical

ID: 55551

File Name: hp_data_protector_0620_multiple_vulns_creds.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 2011/07/11

Updated: 2018/11/15

Dependencies: 55550

Risk Information

Risk Factor: Critical

VPR Score: 7.4

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:storage_data_protector

Required KB Items: SMB/HP Data Protector/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/04/25

Vulnerability Publication Date: 2011/06/29

Exploitable With

Core Impact

Metasploit (HP OmniInet.exe Opcode 20 Buffer Overflow)

ExploitHub (EH-12-076)

Reference Information

CVE: CVE-2011-1514, CVE-2011-1515, CVE-2011-1865, CVE-2011-1866

BID: 48486, 48488

Secunia: 45100