Iq 9.5

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

CWE-255

exploit available

NVD

Published: 2012-08-20

Updated: 2012-08-21

Summary

hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP San/Iq 9.5	1
Hardware	Hp HP Virtual SAN Appliance -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	HP VSA Remote Command Execution Exploit. CVE-2012-2986,CVE-2012-4361,CVE-2012-4362. Remote exploit for hardware platform
file	exploits/hardware/remote/18893.py
id	EDB-ID:18893
last seen	2016-02-02
modified	2012-02-17
platform	hardware
port
published	2012-02-17
reporter	Nicolas Gregoire
source	https://www.exploit-db.com/download/18893/
title	HP VSA Remote Command Execution Exploit
type	remote

description	HP StorageWorks P4000 Virtual SAN Appliance Command Execution. CVE-2012-2986,CVE-2012-4361,CVE-2012-4362. Remote exploit for hardware platform
file	exploits/hardware/remote/18901.rb
id	EDB-ID:18901
last seen	2016-02-02
modified	2012-05-21
platform	hardware
port
published	2012-05-21
reporter	metasploit
source	https://www.exploit-db.com/download/18901/
title	HP StorageWorks P4000 Virtual SAN Appliance Command Execution
type	remote

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References