HP Data Protector <= A.06.20 Multiple Vulnerabilities (credentialed check)
Critical Nessus Plugin ID 55551
SynopsisThe remote Windows host has an application that is affected by multiple vulnerabilities.
DescriptionThe version of HP Data Protector installed on the remote Windows host is affected by one or more of the following vulnerabilities :
- Multiple denial of service vulnerabilities exist in the 'data protect inet' service. (CVE-2011-1514, CVE-2011-1515)
- A buffer overflow vulnerability exists in the 'data protector inet' service that can be exploited via EXEC_CMD. (CVE-2011-1864)
- A buffer overflow vulnerability exists in the inet service that could result in code execution via a request containing crafted parameters. (CVE-2011-1865)
Solution1. Upgrade to Data Protector A.06.20 or later and
2. Enable encrypted control communication services on cell server and all clients in cell.