Vulnerability Details : CVE-2012-4362
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
Exploit prediction scoring system (EPSS) score for CVE-2012-4362
Probability of exploitation activity in the next 30 days: 0.28%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-4362
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2012-4362
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4362
-
http://www.exploit-db.com/exploits/18901/
HP StorageWorks P4000 - Virtual SAN Appliance Command Execution (Metasploit) - Hardware remote ExploitExploit
-
http://www.kb.cert.org/vuls/id/441363
VU#441363 - HP Virtual SAN appliance root shell command injectionUS Government Resource
-
http://www.exploit-db.com/exploits/18893/
HP VSA - Remote Command Execution - Hardware remote ExploitExploit
Products affected by CVE-2012-4362
- cpe:2.3:a:hp:san\/iq:9.5:*:*:*:*:*:*:*