Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-2347

5 documents4 sources

Severity

10.0CRITICAL

EPSS

76.8%

top 1.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Storage Data Protector

Timeline

PublishedJan 4

Latest updateMay 13

Description

The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/storage_data_protector6.20, 6.21+1

🔴Vulnerability Details

GHSA

GHSA-hqq8-c3pw-gf28: The Backup Client Service (OmniInet↗2022-05-13

▶

CVEList

CVE-2013-2347: The Backup Client Service (OmniInet↗2014-01-04

▶

💥Exploits & PoCs

Exploit-DB

HP Data Protector - Backup Client Service Remote Code Execution (Metasploit)↗2014-03-10

▶

Exploit-DB

HP Data Protector - 'EXEC_BAR' Remote Command Execution↗2014-02-16

▶