HP Data Protector Backup Client Service Directory Traversal Network Vulnerability

Summary

This host is running HP Data Protector and is prone to a directory traversal vulnerability which might lead to execution of arbitrary code.

Impact

A remote attacker can upload and execute abitrary code.

Solution

Apply the patch from the link below or update to a newer version. https://ovrd.external.hp.com/hpp/hpp2rd

Insight

There is a directory traversal vulnerability in HP Data Protector. The vulnerability is in the backup client service when parsing packets with opcode 42.

Affected

HP Data Protector 6.21 and prior.

Detection

Checks the installed version.

References

http://www.exploit-db.com/exploits/31181/
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03822422

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6194

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities April-2012 (Windows)
Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
Adobe Air Multiple Vulnerabilities -01 August 12 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)

Take action and discover your vulnerabilities