Vulnerability Details CVE-2013-2342
The HP StoreOnce D2D backup system with software before 3.0.0 has a default password of badg3r5 for the HPSupport account, which allows remote attackers to obtain administrative access and delete data via an SSH session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.5%
CVSS Severity
CVSS v2 Score 7.7
References
- http://www.lolware.net/hpstorage.html
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03813919
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03813919
- http://www.lolware.net/hpstorage.html
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03813919
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03813919
Products affected by CVE-2013-2342
-
cpe:2.3:a:hp:storeonce_d2d:1.0.0
-
cpe:2.3:a:hp:storeonce_d2d:1.2.17
-
cpe:2.3:a:hp:storeonce_d2d:1.2.18
-
cpe:2.3:a:hp:storeonce_d2d:1.2.19
-
cpe:2.3:a:hp:storeonce_d2d:2.0.0
-
cpe:2.3:a:hp:storeonce_d2d:2.1.01
-
cpe:2.3:a:hp:storeonce_d2d:2.2.00
-
cpe:2.3:a:hp:storeonce_d2d:2.2.10
-
cpe:2.3:a:hp:storeonce_d2d:2.2.13
-
cpe:2.3:a:hp:storeonce_d2d:2.2.14
-
cpe:2.3:a:hp:storeonce_d2d:2.2.16
-
cpe:2.3:a:hp:storeonce_d2d:2.2.17