CVE-2013-2352
First published: Wed Jul 10 2013(Updated: )
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP SAN/iQ | <=10.5 | |
| HP SAN/iQ | =8.0 | |
| HP SAN/iQ | =8.1 | |
| HP SAN/iQ | =8.5 | |
| HP SAN/iQ | =9.0 | |
| HP SAN/iQ | =9.5 | |
| HP SAN/iQ | =10.0 | |
| Dell PowerEdge 2950 | ||
| HP ProLiant DL320 Gen11 Server | ||
| HP LeftHand nsm2060 g2 | ||
| HP LeftHand nsm2060 G2 | ||
| HP LeftHand nsm2120 G2 | ||
| HP LeftHand Virtual SAN Appliance | ||
| HP StorageWorks P4000 Virtual SAN Appliance | ||
| HP P4300 G2 | ||
| HP P4300 G2 | ||
| HP LeftHand P4500 | ||
| HP LeftHand P4500 | ||
| HP P4900 G2 | ||
| HP StoreVirtual Virtual Storage Appliance | ||
| HP StoreVirtual Virtual Storage Appliance | ||
| HP StoreVirtual Virtual Storage Appliance | ||
| HP StoreVirtual Virtual Storage Appliance | ||
| HP StoreVirtual Virtual Storage Appliance | ||
| HP StorageWorks P4000 Virtual SAN Appliance | ||
| IBM System x3650 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-2352?
CVE-2013-2352 is considered a moderate severity vulnerability that could allow remote attackers to gain administrative access.
How do I fix CVE-2013-2352?
To mitigate CVE-2013-2352, users should upgrade their HP StoreVirtual Storage devices to a version later than 10.5.
What versions of HP SAN/iQ are affected by CVE-2013-2352?
CVE-2013-2352 affects HP SAN/iQ versions 10.5 and earlier, including 8.0, 8.1, 8.5, 9.0, and 9.5.
Does CVE-2013-2352 affect all HP SAN/iQ devices?
CVE-2013-2352 specifically affects the HP StoreVirtual Storage devices running the vulnerable versions of HP SAN/iQ.
What impact does CVE-2013-2352 have on security?
CVE-2013-2352 can lead to unauthorized administrative access, potentially compromising the affected storage systems.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hp san/iq
- version/hp san/iq/10.5
- version/hp san/iq/8.0
- version/hp san/iq/8.1
- version/hp san/iq/8.5
- version/hp san/iq/9.0
- version/hp san/iq/9.5
- version/hp san/iq/10.0
- vendor/dell
- canonical/dell poweredge 2950
- canonical/hp proliant dl320 gen11 server
- canonical/hp lefthand nsm2060 g2
- canonical/hp lefthand nsm2120 g2
- canonical/hp lefthand virtual san appliance
- canonical/hp storageworks p4000 virtual san appliance
- canonical/hp p4300 g2
- canonical/hp lefthand p4500
- canonical/hp p4900 g2
- canonical/hp storevirtual virtual storage appliance
- vendor/ibm
- canonical/ibm system x3650