Vulnerability CVE-2013-2333 - CERT Civis.Net

Vulnerability Name:

CVE-2013-2333 (CCN-84740)

Assigned:

2013-06-03

Published:

2013-06-03

Updated:

2019-10-09

Summary:

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-2333

Source: CCN
Type: HP Security Bulletin HPSBMU02883 SSRT101227
HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code

Source: CCN
Type: SA53679
HP Data Protector Multiple Vulnerabilities

Source: CCN
Type: BID-60309
HP Data Protector CVE-2013-2333 Remote Code Execution Vulnerability

Source: XF
Type: UNKNOWN
data-protector-cve20132333-code-exec(84740)

Source: HP
Type: Vendor Advisory
SSRT101227

Source: CCN
Type: Packet Storm Security [10-14-2013]
HP Data Protector Cell Request Service Buffer Overflow

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-15-2013]

Source: CCN
Type: ZDI-13-130
Hewlett-Packard Data Protector Cell Manager crs.exe Opcode 211 Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:hp:storage_data_protector:6.20:-:*:*:*:hp-ux:*:*

OR cpe:/a:hp:storage_data_protector:6.20:-:*:*:*:redhat_enterprise_linux:*:*

OR cpe:/a:hp:storage_data_protector:6.20:-:*:*:*:sunos:*:*

OR cpe:/a:hp:storage_data_protector:6.20:-:*:*:*:suse_linux:*:*

OR cpe:/a:hp:storage_data_protector:6.20:-:*:*:*:windows_server_2003:*:*

OR cpe:/a:hp:storage_data_protector:6.20:-:*:*:*:windows_server_2008:*:*

OR cpe:/a:hp:storage_data_protector:6.21:-:*:*:*:hp-ux:*:*

OR cpe:/a:hp:storage_data_protector:6.21:-:*:*:*:redhat_enterprise_linux:*:*

OR cpe:/a:hp:storage_data_protector:6.21:-:*:*:*:sunos:*:*

OR cpe:/a:hp:storage_data_protector:6.21:-:*:*:*:suse_linux:*:*

OR cpe:/a:hp:storage_data_protector:6.21:-:*:*:*:windows_server_2003:*:*

OR cpe:/a:hp:storage_data_protector:6.21:-:*:*:*:windows_server_2008:*:*

Configuration 2:

cpe:/a:hp:storage_data_protector:7.00:-:*:*:*:hp-ux:*:*

OR cpe:/a:hp:storage_data_protector:7.00:-:*:*:*:redhat_enterprise_linux:*:*

OR cpe:/a:hp:storage_data_protector:7.00:-:*:*:*:suse_linux:*:*

OR cpe:/a:hp:storage_data_protector:7.00:-:*:*:*:windows_server_2003:*:*

OR cpe:/a:hp:storage_data_protector:7.00:-:*:*:*:windows_server_2008:*:*

OR cpe:/a:hp:storage_data_protector:7.01:-:*:*:*:hp-ux:*:*

OR cpe:/a:hp:storage_data_protector:7.01:-:*:*:*:redhat_enterprise_linux:*:*

OR cpe:/a:hp:storage_data_protector:7.01:-:*:*:*:suse_linux:*:*

OR cpe:/a:hp:storage_data_protector:7.01:-:*:*:*:windows_server_2003:*:*

OR cpe:/a:hp:storage_data_protector:7.01:-:*:*:*:windows_server_2008:*:*

Denotes that component is vulnerable