Vulnerability Details CVE-2017-5809
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.1%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.9
References
- http://www.securityfocus.com/bid/100088
- https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us
- http://www.securityfocus.com/bid/100088
- https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-setuid-bit-set-omniresolve-2017-08-02.pdf
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us
Products affected by CVE-2017-5809
-
cpe:2.3:a:hp:data_protector:6.10
-
cpe:2.3:a:hp:data_protector:6.11
-
cpe:2.3:a:hp:data_protector:7.0
-
cpe:2.3:a:hp:data_protector:7.03
-
cpe:2.3:a:hp:data_protector:7.03_108
-
cpe:2.3:a:hp:data_protector:8.0
-
cpe:2.3:a:hp:data_protector:8.14
-
cpe:2.3:a:hp:data_protector:8.15
-
cpe:2.3:a:hp:data_protector:9.09