Summary
This host is installed with HP Data Protector and is prone to remote code execution vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary Perl code via a crafted command.
Impact Level: Application.
Solution
Upgrade to Data Protector A.06.20 or later, For updates refer to http://h71028.www7.hp.com/enterprise/w1/en/software/information-management-data-protector.html
Insight
The specific flaw exists within the filtering of arguments to the 'EXEC_CMD' command. which allows remote connections to execute files within it's local bin directory.
Affected
HP Data Protector 6.11 and prior.
References
Severity
Classification
-
CVE CVE-2011-0923 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
- 3S CoDeSys CmpWebServer Multiple Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)