HP Data Protector Backup Client Service Directory Traversal Network Vulnerability

Summary

This host is running HP Data Protector and is prone to a directory traversal vulnerability which might lead to execution of arbitrary code.

Impact

A remote attacker can upload and execute abitrary code.

Solution

Apply the patch from the link below or update to a newer version. https://ovrd.external.hp.com/hpp/hpp2rd

Insight

There is a directory traversal vulnerability in HP Data Protector. The vulnerability is in the backup client service when parsing packets with opcode 42.

Affected

HP Data Protector 6.21 and prior.

Detection

Checks the installed version.

References

http://www.exploit-db.com/exploits/31181/
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03822422

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6194

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)
Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Windows)
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Windows)
Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Mac OS X)

Take action and discover your vulnerabilities