HP Data Protector 8.x Arbitrary Command Execution (HPSBMU03072)

Critical Nessus Plugin ID 76616


The remote host is affected by an arbitrary command execution vulnerability.


Nessus was able to execute an operating system command on the remote HP Data Protector 8.x installation by sending a specially crafted packet to the HP Data Protector service.


A patched version is not currently available. As a workaround, enable Encrypted Control Communications (ECC) services on the cell server and on all of the clients in the cell.


Plugin Details

Severity: Critical

ID: 76616

File Name: hp_data_protector_hpsbmu03072.nbin

Version: $Revision: 1.28 $

Type: remote

Family: Misc.

Published: 2014/07/21

Modified: 2018/01/29

Dependencies: 19601, 11936

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:storage_data_protector, cpe:/a:hp:data_protector

Required KB Items: Services/data_protector/version

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2014/07/15

Exploitable With

ExploitHub (EH-14-163)

Reference Information

CVE: CVE-2014-2623

BID: 68533, 68672

OSVDB: 109069

HP: emr_na-c04373818-1, HPSBMU03072, SSRT101644