Vulnerabilities > CVE-2014-2623 - Unspecified vulnerability in HP Storage Data Protector 8.0/8.10

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
hp
exploit available
metasploit
NVD
Published: 2014-07-18
Updated: 2024-11-21

Summary

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Hp
8

Exploit-Db

  • descriptionHP Data Protector 8.10 Remote Command Execution. CVE-2014-2623. Remote exploit for windows platform
    fileexploits/windows/remote/36304.rb
    idEDB-ID:36304
    last seen2016-02-04
    modified2015-03-06
    platformwindows
    port5555
    published2015-03-06
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/36304/
    titleHP Data Protector 8.10 Remote Command Execution
    typeremote
  • descriptionHP Data Protector 8.x - Remote Command Execution. CVE-2014-2623. Remote exploit for hp-ux platform
    fileexploits/hp-ux/remote/35961.py
    idEDB-ID:35961
    last seen2016-02-04
    modified2015-01-30
    platformhp-ux
    port
    published2015-01-30
    reporterJuttikhun Khamchaiyaphum
    sourcehttps://www.exploit-db.com/download/35961/
    titleHP Data Protector 8.x - Remote Command Execution
    typeremote
  • descriptionHP Data Protector Manager 8.10 - Remote Command Execution. CVE-2014-2623. Remote exploit for windows platform
    fileexploits/windows/remote/34066.py
    idEDB-ID:34066
    last seen2016-02-03
    modified2014-07-14
    platformwindows
    port
    published2014-07-14
    reporterPolunchis
    sourcehttps://www.exploit-db.com/download/34066/
    titleHP Data Protector Manager 8.10 - Remote Command Execution
    typeremote

Metasploit

descriptionThis module exploits a remote command execution on HP Data Protector 8.10. Arbitrary commands can be executed by sending crafted requests with opcode 28 to the OmniInet service listening on the TCP/5555 port. Since there is a strict length limitation on the command, rundll32.exe is executed, and the payload is provided through a DLL by a fake SMB server. This module has been tested successfully on HP Data Protector 8.1 on Windows 7 SP1.
idMSF:EXPLOIT/WINDOWS/MISC/HP_DATAPROTECTOR_CMD_EXEC
last seen2020-06-05
modified2017-09-14
published2015-03-04
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/hp_dataprotector_cmd_exec.rb
titleHP Data Protector 8.10 Remote Command Execution

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/130658/hp_dataprotector_cmd_exec.rb.txt
idPACKETSTORM:130658
last seen2016-12-05
published2015-03-05
reporterChristian Ramirez
sourcehttps://packetstormsecurity.com/files/130658/HP-Data-Protector-8.10-Remote-Command-Execution.html
titleHP Data Protector 8.10 Remote Command Execution

Saint

  • bid68672
    descriptionHP Data Protector Unauthenticated Remote Code Execution
    idnet_openview_hpdataprot
    osvdb109069
    titlehp_data_protector_tesertest
    typeremote
  • bid68672
    descriptionHP Data Protector Windows Unauthenticated Remote Code Execution
    idnet_openview_hpdataprot
    osvdb109069
    titlehp_data_protector_perl
    typeremote

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:89446
last seen2017-11-19
modified2015-09-17
published2015-09-17
sourcehttps://www.seebug.org/vuldb/ssvid-89446
titleHP Data Protector 8.x - Remote Command Execution

References