CVE-2013-2352

EUVD-2013-2298
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
hpsan\/iq
𝑥
≤ 10.5
hpsan\/iq
8.0
hpsan\/iq
8.1
hpsan\/iq
8.5
hpsan\/iq
9.0
hpsan\/iq
9.5
hpsan\/iq
10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537
http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537