HP Data Protector Express (DPX) versions 5.0 and 6.0 contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code on a targeted system.
The vulnerabilities are due to unspecified errors in the affected software. An unauthenticated, remote attacker could exploit these vulnerabilities to cause a DoS condition or execute arbitrary code with elevated privileges.
Vendor-supplied CVSS scoring suggests that successful exploitation of these vulnerabilities could allow the attacker to cause a complete system compromise.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Proof-of-concept code that demonstrates an exploit of the vulnerabilities is available.
HP has released security bulletin c03229235 at the following link: HPSBMU02746 SSRT100781
HP has released software updates at the following links:
HP Data Protector Express 5.0
HP Data Protector Express 6.0