CVE-2016-2004
CRITICAL NUCLEIHPE Data Protector <7.03_108,8.x<8.15,9.x<9.06 - RCE
Title source: llmDescription
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Ian Lovering · rubyremotewindows
https://www.exploit-db.com/exploits/39874
exploitdb
WORKING POC
VERIFIED
by Ian Lovering · pythonremotewindows
https://www.exploit-db.com/exploits/39858
metasploit
WORKING POC
NORMAL
by Jon Barg, Ian Lovering · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_dataprotector_encrypted_comms.rb
Nuclei Templates (1)
HP Data Protector - Arbitrary Command Execution
CRITICALby pussycat0x
References (7)
Scores
CVSS v3
9.8
EPSS
0.9273
EPSS Percentile
99.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
hp/data_protector
7.0 - 7.03_108
Published
Apr 21, 2016
Tracked Since
Feb 18, 2026