LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
Max CVSS: 9.4 | EPSS Score: 0.35% | Published: 2013-07-10 | Updated: 2019-10-09
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
Max CVSS: 4.0 | EPSS Score: 0.28% | Published: 2012-08-20 | Updated: 2012-08-21
CVE-2012-4361
Public exploit
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
Max CVSS: 7.7 | EPSS Score: 16.61% | Published: 2012-08-20 | Updated: 2012-08-21
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513.
Max CVSS: 10.0 | EPSS Score: 14.73% | Published: 2013-02-06 | Updated: 2019-10-09
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512.
Max CVSS: 10.0 | EPSS Score: 14.73% | Published: 2013-02-06 | Updated: 2019-10-09
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511.
Max CVSS: 10.0 | EPSS Score: 14.73% | Published: 2013-02-06 | Updated: 2019-10-09
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468.
Max CVSS: 10.0 | EPSS Score: 14.73% | Published: 2013-02-06 | Updated: 2019-10-09
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361.
Max CVSS: 7.7 | EPSS Score: 0.05% | Published: 2012-08-20 | Updated: 2012-08-21
Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.
Max CVSS: 10.0 | EPSS Score: 46.64% | Published: 2011-11-16 | Updated: 2017-08-29
9 vulnerabilities found