Vulnerability Details : CVE-2013-2352
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
Products affected by CVE-2013-2352
- cpe:2.3:a:hp:san\/iq:*:*:*:*:*:*:*:*When used together with: Dell » Poweredge 2950When used together with: HP » Lefthand Nsm2060When used together with: HP » Lefthand Nsm2060 G2When used together with: HP » Lefthand Nsm2120 G2When used together with: HP » Lefthand VsaWhen used together with: HP » Storevirtual 4130When used together with: HP » Storevirtual 4330When used together with: HP » Storevirtual 4530When used together with: HP » Storevirtual 4630When used together with: HP » Storevirtual 4730When used together with: HP » Storevirtual Vsa
- cpe:2.3:a:hp:san\/iq:8.0:*:*:*:*:*:*:*When used together with: Dell » Poweredge 2950When used together with: HP » Lefthand Nsm2060When used together with: HP » Lefthand Nsm2060 G2When used together with: HP » Lefthand Nsm2120 G2When used together with: HP » Lefthand VsaWhen used together with: HP » Storevirtual 4130When used together with: HP » Storevirtual 4330When used together with: HP » Storevirtual 4530When used together with: HP » Storevirtual 4630When used together with: HP » Storevirtual 4730When used together with: HP » Storevirtual Vsa
- cpe:2.3:a:hp:san\/iq:8.1:*:*:*:*:*:*:*When used together with: Dell » Poweredge 2950When used together with: HP » Lefthand Nsm2060When used together with: HP » Lefthand Nsm2060 G2When used together with: HP » Lefthand Nsm2120 G2When used together with: HP » Lefthand VsaWhen used together with: HP » Storevirtual 4130When used together with: HP » Storevirtual 4330When used together with: HP » Storevirtual 4530When used together with: HP » Storevirtual 4630When used together with: HP » Storevirtual 4730When used together with: HP » Storevirtual Vsa
- cpe:2.3:a:hp:san\/iq:8.5:*:*:*:*:*:*:*When used together with: Dell » Poweredge 2950When used together with: HP » Lefthand Nsm2060When used together with: HP » Lefthand Nsm2060 G2When used together with: HP » Lefthand Nsm2120 G2When used together with: HP » Lefthand VsaWhen used together with: HP » Storevirtual 4130When used together with: HP » Storevirtual 4330When used together with: HP » Storevirtual 4530When used together with: HP » Storevirtual 4630When used together with: HP » Storevirtual 4730When used together with: HP » Storevirtual Vsa
- cpe:2.3:a:hp:san\/iq:9.5:*:*:*:*:*:*:*When used together with: Dell » Poweredge 2950When used together with: HP » Lefthand Nsm2060When used together with: HP » Lefthand Nsm2060 G2When used together with: HP » Lefthand Nsm2120 G2When used together with: HP » Lefthand VsaWhen used together with: HP » Storevirtual 4130When used together with: HP » Storevirtual 4330When used together with: HP » Storevirtual 4530When used together with: HP » Storevirtual 4630When used together with: HP » Storevirtual 4730When used together with: HP » Storevirtual Vsa
- cpe:2.3:a:hp:san\/iq:9.0:*:*:*:*:*:*:*When used together with: Dell » Poweredge 2950When used together with: HP » Lefthand Nsm2060When used together with: HP » Lefthand Nsm2060 G2When used together with: HP » Lefthand Nsm2120 G2When used together with: HP » Lefthand VsaWhen used together with: HP » Storevirtual 4130When used together with: HP » Storevirtual 4330When used together with: HP » Storevirtual 4530When used together with: HP » Storevirtual 4630When used together with: HP » Storevirtual 4730When used together with: HP » Storevirtual Vsa
- cpe:2.3:a:hp:san\/iq:10.0:*:*:*:*:*:*:*When used together with: Dell » Poweredge 2950When used together with: HP » Lefthand Nsm2060When used together with: HP » Lefthand Nsm2060 G2When used together with: HP » Lefthand Nsm2120 G2When used together with: HP » Lefthand VsaWhen used together with: HP » Storevirtual 4130When used together with: HP » Storevirtual 4330When used together with: HP » Storevirtual 4530When used together with: HP » Storevirtual 4630When used together with: HP » Storevirtual 4730When used together with: HP » Storevirtual Vsa
Exploit prediction scoring system (EPSS) score for CVE-2013-2352
0.87%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2352
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.4
|
HIGH | AV:N/AC:L/Au:N/C:N/I:C/A:C |
10.0
|
9.2
|
NIST |
CWE ids for CVE-2013-2352
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2352
-
http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/
HP storage: more possible backdoors • The Register
-
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537
HP Support for Technical Help and Troubleshooting | HP® Customer Service.Vendor Advisory
Jump to