LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
Max CVSS: 9.4 | EPSS Score: 0.35% | Published: 2013-07-10 | Updated: 2019-10-09
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
Max CVSS: 4.0 | EPSS Score: 0.28% | Published: 2012-08-20 | Updated: 2012-08-21

CVE-2012-4361

Public exploit
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
Max CVSS: 7.7 | EPSS Score: 16.61% | Published: 2012-08-20 | Updated: 2012-08-21
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513.
Max CVSS: 10.0 | EPSS Score: 14.73% | Published: 2013-02-06 | Updated: 2019-10-09
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512.
Max CVSS: 10.0 | EPSS Score: 14.73% | Published: 2013-02-06 | Updated: 2019-10-09
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511.
Max CVSS: 10.0 | EPSS Score: 14.73% | Published: 2013-02-06 | Updated: 2019-10-09
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468.
Max CVSS: 10.0 | EPSS Score: 14.73% | Published: 2013-02-06 | Updated: 2019-10-09
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361.
Max CVSS: 7.7 | EPSS Score: 0.05% | Published: 2012-08-20 | Updated: 2012-08-21
Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.
Max CVSS: 10.0 | EPSS Score: 46.64% | Published: 2011-11-16 | Updated: 2017-08-29
9 vulnerabilities found