CVE-2014-2623
CVE-2014-2623
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 89.4%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Lifecycle
14 Jul 2014Public PoC
18 Jul 2014Published on NVD
02 Nov 2014Metasploit module available
Weaponization speed
107 daysto Metasploit module
Recommendation: Patch as soon as possible — active exploitation confirmed.
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
Affected products
n/a · n/apublic PoCs found — 7
cve_referencepacketstormsecurity.com/files/130658/HP-Data-Protector-8.10-Remote-Command-Execution.htmlunverifiedcve_referencewww.exploit-db.com/exploits/34066/unverifiedcve_referencewww.exploit-db.com/exploits/35961unverifiedcve_referencewww.exploit-db.com/exploits/36304unverifiedexploitdbwww.exploit-db.com/exploits/35961unverifiedexploitdbwww.exploit-db.com/exploits/36304unverifiedexploitdbwww.exploit-db.com/exploits/34066unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/130658/HP-Data-Protector-8.10-Remote-Command-Execution.htmlhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04373818http://www.exploit-db.com/exploits/34066/http://www.exploit-db.com/exploits/35961http://www.exploit-db.com/exploits/36304http://www.osvdb.org/109069http://www.securitytracker.com/id/1030583