ID CVE-2013-2352
Summary LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
References
Vulnerable Configurations
  • cpe:2.3:a:hp:san\/iq:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:san\/iq:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:san\/iq:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:san\/iq:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:san\/iq:9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:san\/iq:10.0:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:poweredge_2950:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:dl320s:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:lefthand_nsm2060:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:lefthand_nsm2060_g2:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:lefthand_nsm2120_g2:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:lefthand_vsa:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:p4000_vsa:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:p4300:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:p4300_g2:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:p4500:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:p4500_g2:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:p4900_g2:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:storevirtual_4130:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:storevirtual_4330:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:storevirtual_4530:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:storevirtual_4630:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:storevirtual_4730:*:*:*:*:*:*:*:*
  • cpe:2.3:h:hp:storevirtual_vsa:*:*:*:*:*:*:*:*
  • cpe:2.3:h:ibm:x3650:*:*:*:*:*:*:*:*
CVSS
Base: 9.4 (as of 09-10-2019 - 23:07)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:C/A:C
refmap via4
hp
  • HPSBST02896
  • SSRT101257
misc http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/
Last major update 09-10-2019 - 23:07
Published 10-07-2013 - 22:55
Last modified 09-10-2019 - 23:07