Vulnerabilities > CVE-2012-4362 - Credentials Management vulnerability in HP San/Iq 9.5
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Hardware | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description HP VSA Remote Command Execution Exploit. CVE-2012-2986,CVE-2012-4361,CVE-2012-4362. Remote exploit for hardware platform file exploits/hardware/remote/18893.py id EDB-ID:18893 last seen 2016-02-02 modified 2012-02-17 platform hardware port published 2012-02-17 reporter Nicolas Gregoire source https://www.exploit-db.com/download/18893/ title HP VSA Remote Command Execution Exploit type remote description HP StorageWorks P4000 Virtual SAN Appliance Command Execution. CVE-2012-2986,CVE-2012-4361,CVE-2012-4362. Remote exploit for hardware platform file exploits/hardware/remote/18901.rb id EDB-ID:18901 last seen 2016-02-02 modified 2012-05-21 platform hardware port published 2012-05-21 reporter metasploit source https://www.exploit-db.com/download/18901/ title HP StorageWorks P4000 Virtual SAN Appliance Command Execution type remote