Description
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
References
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: Version up to 10.5 (inclusive)
All of
One of
cpe:2.3:a:hp:san\/iq:*:*:*:*:*:*:*:*
cpe:2.3:a:hp:san\/iq:8.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:san\/iq:8.1:*:*:*:*:*:*:*
cpe:2.3:a:hp:san\/iq:8.5:*:*:*:*:*:*:*
cpe:2.3:a:hp:san\/iq:9.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:san\/iq:9.5:*:*:*:*:*:*:*
cpe:2.3:a:hp:san\/iq:10.0:*:*:*:*:*:*:*
One of
cpe:2.3:h:dell:poweredge_2950:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:dl320s:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:lefthand_nsm2060:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:lefthand_nsm2060_g2:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:lefthand_nsm2120_g2:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:lefthand_vsa:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:p4000_vsa:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:p4300:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:p4300_g2:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:p4500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:p4500_g2:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:p4900_g2:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:storevirtual_4130:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:storevirtual_4330:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:storevirtual_4530:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:storevirtual_4630:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:storevirtual_4730:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:storevirtual_vsa:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:x3650:*:*:*:*:*:*:*:*
EPSS
Percentile: 84%
0.02217
Low
9.4 Critical
CVSS2
Weaknesses
CWE-255
Related vulnerabilities
github
about 3 years ago
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.