HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution

Medium | Nessus Network Monitor Plugin ID 3728

Synopsis

It is possible to execute code on the remote host through the backup agent.

Description

The remote version of HP OpenView Data Protector is vulnerable to an authentication bypass flaw. By sending specially crafted requests to the remote host, an attacker may be able to execute unauthorized backup commands. Due to the nature of the software, successful exploitation of this vulnerability could result in remote code execution.

Solution

If this service is not needed, disable it or filter incoming traffic to this port. HP has released a set of patches for Data Protector 5.10 and 5.50: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00742778

See Also

http://www.kb.cert.org/vuls/id/673228

http://www.nessus.org/u?cf5c4b17

Plugin Details

Severity: Medium

ID: 3728

Family: Generic

Published: 8/15/2006

Updated: 3/6/2019

Nessus ID: 22225

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 5.5

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:hp:openview_storage_data_protector

Reference Information

CVE: CVE-2006-4201

BID: 19495