CVE-2016-2004

CRITICAL NUCLEI

HPE Data Protector <7.03_108,8.x<8.15,9.x<9.06 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2016-2004. PoCs published by Ian Lovering, marcocarolasec, Jon Barg, Ian Lovering, including Metasploit module exploits/windows/misc/hp_dataprotector_encrypted_comms. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits CVE-2016-2004 in HP Data Protector by establishing an encrypted communication channel and executing a PowerShell payload for remote code execution. It targets versions A.09.00 and earlier, leveraging TLS/SSL for encryption.

Description

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Ian Lovering · rubyremotewindows
https://www.exploit-db.com/exploits/39874

This Metasploit module exploits CVE-2016-2004 in HP Data Protector by establishing an encrypted communication channel and executing a PowerShell payload for remote code execution. It targets versions A.09.00 and earlier, leveraging TLS/SSL for encryption.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP Data Protector A.09.00 and earlier
No auth needed
Prerequisites: Network access to port 5555 · Target system running Windows Vista or newer
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Ian Lovering · pythonremotewindows
https://www.exploit-db.com/exploits/39858

This exploit demonstrates unauthenticated encrypted communication with HP Data Protector agents, leveraging a known vulnerability to execute arbitrary commands. It bypasses encryption security by exploiting lack of authentication, allowing RCE via a crafted payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP Data Protector A.09.00 and earlier
No auth needed
Prerequisites: Network access to target · Data Protector agent with encrypted control communication enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by marcocarolasec · poc
https://github.com/marcocarolasec/CVE-2016-2004-Exploit

This repository contains a functional Python exploit for CVE-2016-2004, which targets HP Data Protector to achieve arbitrary remote command execution via a crafted packet sent to a vulnerable service. The exploit leverages the 'perl.exe' interpreter installed with HP Data Protector to execute commands on the target system.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP Data Protector A.06.20
No auth needed
Prerequisites: Network access to the target system · HP Data Protector service running on the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Jon Barg, Ian Lovering · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_dataprotector_encrypted_comms.rb

This Metasploit module exploits CVE-2016-2004, a remote code execution vulnerability in HP Data Protector. It establishes an encrypted communication channel with the target and executes a PowerShell payload to achieve RCE on Windows systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP Data Protector 9.0
No auth needed
Prerequisites: Network access to port 5555 · Target running HP Data Protector with encrypted communications enabled
devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

HP Data Protector - Arbitrary Command Execution
CRITICALby pussycat0x

References (7)

Core 7
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/267328
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39874/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39858/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035631

Scores

CVSS v3 9.8
EPSS 0.9273
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-306
Status published
Products (1)
hp/data_protector 7.0 - 7.03_108
Published Apr 21, 2016
Tracked Since Feb 18, 2026