Vulnerability Details CVE-2013-2352
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.8%
CVSS Severity
CVSS v2 Score 9.4
References
- http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537
- http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537
Products affected by CVE-2013-2352
-
cpe:2.3:a:hp:san/iq:10.0
-
cpe:2.3:a:hp:san/iq:8.0
-
cpe:2.3:a:hp:san/iq:8.1
-
cpe:2.3:a:hp:san/iq:8.5
-
cpe:2.3:a:hp:san/iq:9.0
-
cpe:2.3:a:hp:san/iq:9.5
-
cpe:2.3:h:dell:poweredge_2950:-
-
cpe:2.3:h:hp:dl320s:*
-
cpe:2.3:h:hp:lefthand_nsm2060:*
-
cpe:2.3:h:hp:lefthand_nsm2060_g2:*
-
cpe:2.3:h:hp:lefthand_nsm2120_g2:*
-
cpe:2.3:h:hp:lefthand_vsa:*
-
cpe:2.3:h:hp:p4000_vsa:*
-
cpe:2.3:h:hp:p4300:*
-
cpe:2.3:h:hp:p4300_g2:*
-
cpe:2.3:h:hp:p4500:*
-
cpe:2.3:h:hp:p4500_g2:*
-
cpe:2.3:h:hp:p4900_g2:*
-
cpe:2.3:h:hp:storevirtual_4130:-
-
cpe:2.3:h:hp:storevirtual_4330:-
-
cpe:2.3:h:hp:storevirtual_4530:-
-
cpe:2.3:h:hp:storevirtual_4630:-
-
cpe:2.3:h:hp:storevirtual_4730:-
-
cpe:2.3:h:hp:storevirtual_vsa:*
-
cpe:2.3:h:ibm:x3650:*