HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution

Medium Nessus Network Monitor Plugin ID 3728

Synopsis

It is possible to execute code on the remote host through the backup agent.

Description

The remote version of HP OpenView Data Protector is vulnerable to an authentication bypass flaw. By sending specially crafted requests to the remote host, an attacker may be able to execute unauthorized Backup commands. Due to the nature of the software, a successful exploitation of this vulnerability could result in remote code execution.

Solution

If this service is not needed, disable it or filter incoming traffic to this port. HP has released a set of patches for Data Protector 5.10 and 5.50: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00742778

See Also

http://www.kb.cert.org/vuls/id/673228

http://www.nessus.org/u?cf5c4b17

Plugin Details

Severity: Medium

ID: 3728

Family: Generic

Published: 2006/08/15

Modified: 2016/01/21

Dependencies: 3727

Nessus ID: 22225

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 6.3

Temporal Score: 5.5

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2006-4201

BID: 19495