CVE-2012-2986

HP SAN/iQ 9.5 - Command Injection

Title source: llm

Description

lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361.

Exploits (2)

exploitdb WORKING POC

pythonremotehardware

https://www.exploit-db.com/exploits/18893

View Code ZIP pw:eip

exploitdb WORKING POC

rubyremotehardware

https://www.exploit-db.com/exploits/18901

View Code ZIP pw:eip

References (1)

[US Government Resource] http://www.kb.cert.org/vuls/id/441363

Scores

EPSS 0.0520

EPSS Percentile 90.0%

Details

CWE

CWE-78

Status published

Products (1)

hp/san\/iq 9.5

Published Aug 20, 2012

Tracked Since Feb 18, 2026