CVE-2012-2986

HP SAN/iQ 9.5 - Authenticated OS Command Injection via Ping Endpoint Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2986.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in HP VSA/SANiQ Hydra client by sending a crafted 'ping' request with embedded Perl reverse shell payload. It first authenticates using a backdoor login before executing the malicious command.

Description

lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361.

Exploits (2)

exploitdb WORKING POC

pythonremotehardware

https://www.exploit-db.com/exploits/18893

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in HP VSA/SANiQ Hydra client by sending a crafted 'ping' request with embedded Perl reverse shell payload. It first authenticates using a backdoor login before executing the malicious command.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP VSA/SANiQ Hydra client (version 8.5.0 or earlier)

Auth required

Prerequisites: Network access to target's Hydra port (13838) · Target must be running vulnerable HP VSA/SANiQ software

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

exploitdb WORKING POC

rubyremotehardware

https://www.exploit-db.com/exploits/18901

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in HP StorageWorks P4000 VSA by leveraging default credentials to inject arbitrary commands via a crafted ping request on port 13838.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: HP StorageWorks P4000 Virtual SAN Appliance prior to 9.5

Auth required

Prerequisites: Network access to port 13838 · Default credentials (L0CAlu53R)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/441363

Scores

EPSS 0.0520

EPSS Percentile 90.2%

Details

CWE

CWE-78

Status published

Products (1)

hp/san\/iq 9.5

Published Aug 20, 2012

Tracked Since Feb 18, 2026