San\/iq
by HP
CVEs (9)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-4361 | 0.07 | — | 0.45 | Aug 20, 2012 | lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter. | ||
| CVE-2012-3282 | 0.06 | — | 0.35 | Feb 6, 2013 | Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468. | ||
| CVE-2012-4362 | 0.05 | — | 0.22 | Aug 20, 2012 | hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838. | ||
| CVE-2012-2986 | 0.03 | — | 0.05 | Aug 20, 2012 | lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361. | ||
| CVE-2012-3285 | 0.02 | — | 0.27 | Feb 6, 2013 | Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513. | ||
| CVE-2012-3284 | 0.02 | — | 0.27 | Feb 6, 2013 | Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512. | ||
| CVE-2012-3283 | 0.02 | — | 0.23 | Feb 6, 2013 | Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511. | ||
| CVE-2011-4157 | 0.02 | — | 0.28 | Nov 16, 2011 | Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request. | ||
| CVE-2013-2352 | 0.00 | — | 0.02 | Jul 10, 2013 | LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password. |
- CVE-2012-4361Aug 20, 2012risk 0.07cvss —epss 0.45
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
- CVE-2012-3282Feb 6, 2013risk 0.06cvss —epss 0.35
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468.
- CVE-2012-4362Aug 20, 2012risk 0.05cvss —epss 0.22
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
- CVE-2012-2986Aug 20, 2012risk 0.03cvss —epss 0.05
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361.
- CVE-2012-3285Feb 6, 2013risk 0.02cvss —epss 0.27
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513.
- CVE-2012-3284Feb 6, 2013risk 0.02cvss —epss 0.27
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512.
- CVE-2012-3283Feb 6, 2013risk 0.02cvss —epss 0.23
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511.
- CVE-2011-4157Nov 16, 2011risk 0.02cvss —epss 0.28
Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.
- CVE-2013-2352Jul 10, 2013risk 0.00cvss —epss 0.02
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.