Vulnerabilities > CVE-2010-4115 - Credentials Management vulnerability in HP Storageworks Modular Smart Array P2000 G3 Firmware

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
hp
CWE-255
critical
nessus

Summary

HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges.

Common Weakness Enumeration (CWE)

Nessus

NASL familyGain a shell remotely
NASL idHP_STORAGEWORKS_ADMIN_DEFAULT_CREDS.NASL
descriptionThe remote device appears to be a HP StorageWorks MSA P2000 series. There is a hidden, undocumented account named
last seen2020-06-01
modified2020-06-02
plugin id51369
published2010-12-23
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/51369
titleHP StorageWorks MSA P2000 Hidden 'admin' User Default Credentials