Vulnerabilities > CVE-2010-4115 - Credentials Management vulnerability in HP Storageworks Modular Smart Array P2000 G3 Firmware

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

CWE-255

nessus

NVD

Published: 2010-12-17

Updated: 2024-11-21

Summary

HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges.

Vulnerable Configurations

Part	Description	Count
Hardware	Hp HP Storageworks Modular Smart Array P2000 G3 *	1
Application	Hp HP Storageworks Modular Smart Array P2000 G3 Firmware Ts100P002 HP Storageworks Modular Smart Array P2000 G3 Firmware Ts100R011 HP Storageworks Modular Smart Array P2000 G3 Firmware Ts100R025 HP Storageworks Modular Smart Array P2000 G3 Firmware Ts200R005 HP Storageworks Modular Smart Array P2000 G3 Firmware Ts201R014 HP Storageworks Modular Smart Array P2000 G3 Firmware Ts201R015	6

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Nessus

NASL family	Gain a shell remotely
NASL id	HP_STORAGEWORKS_ADMIN_DEFAULT_CREDS.NASL
description	The remote device appears to be a HP StorageWorks MSA P2000 series. There is a hidden, undocumented account named
last seen	2020-06-01
modified	2020-06-02
plugin id	51369
published	2010-12-23
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/51369
title	HP StorageWorks MSA P2000 Hidden 'admin' User Default Credentials

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References