Detections
Analytics

HP Data Protector <= A.06.20 Multiple Vulnerabilities (credentialed check)

critical Nessus Plugin ID 55551

Language:

Synopsis

The remote Windows host has an application that is affected by multiple vulnerabilities.

Description

The version of HP Data Protector installed on the remote Windows host is affected by one or more of the following vulnerabilities :

 - Multiple denial of service vulnerabilities exist in the 'data protect inet' service. (CVE-2011-1514, CVE-2011-1515)

 - A buffer overflow vulnerability exists in the 'data protector inet' service that can be exploited via EXEC_CMD. (CVE-2011-1864)

 - A buffer overflow vulnerability exists in the inet service that could result in code execution via a request containing crafted parameters. (CVE-2011-1865)

Solution

1. Upgrade to Data Protector A.06.20 or later and

2. Enable encrypted control communication services on cell server and all clients in cell.

See Also

http://www.nessus.org/u?6d655681

http://www.nessus.org/u?79bee660

http://www.nessus.org/u?0e38ce76

Plugin Details

Severity: Critical

ID: 55551

File Name: hp_data_protector_0620_multiple_vulns_creds.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 7/11/2011

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:storage_data_protector

Required KB Items: SMB/HP Data Protector/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/25/2011

Vulnerability Publication Date: 6/29/2011

Exploitable With

Core Impact

Metasploit (HP OmniInet.exe Opcode 20 Buffer Overflow)

ExploitHub (EH-12-076)

Reference Information

CVE: CVE-2011-1514, CVE-2011-1515, CVE-2011-1865, CVE-2011-1866

BID: 48486, 48488

Secunia: 45100