Signature Detail
Short Name |
APP:HP-DATA-PRTCTR-EXEC_CMD-RCE |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
HP Data Protector Client EXEC_CMD Command Execution |
Release Date |
2011/06/15 |
Update Number |
1939 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: HP Data Protector Client EXEC_CMD Command Execution
This signature detects attempts to exploit a known vulnerability in HP Data Protector Client. Attackers can send a maliciously crafted message that could cause arbitrary commands to be executed with SYSTEM privileges.
Extended Description
HP OpenView Storage Data Protector is prone to multiple remote code-execution vulnerabilities that affect the Cell Manager and Client components. An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise an affected computer.
Affected Products
- HP Data Protector Manager 6.11
- HP Data Protector Manager A.06.11
- HP OpenView Storage Data Protector 5.1
- HP OpenView Storage Data Protector 5.5
- HP OpenView Storage Data Protector 5.5.0
- HP OpenView Storage Data Protector 6.0
- HP OpenView Storage Data Protector 6.1
- HP OpenView Storage Data Protector 6.10
- HP OpenView Storage Data Protector 6.11
References
- BugTraq: 46234
- CVE: CVE-2011-0923