CVE-2012-4361

HP SAN/iQ < 9.5 - Authenticated OS Command Injection via Ping Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-4361. PoCs published by Metasploit, Nicolas Gregoire, Nicolas Gregoire, sinn3r, including Metasploit module exploits/multi/misc/hp_vsa_exec.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in HP StorageWorks P4000 Virtual SAN Appliance by leveraging default credentials to inject arbitrary commands via a crafted ping request on port 13838.

Description

lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotehardware
https://www.exploit-db.com/exploits/18901

This Metasploit module exploits a command injection vulnerability in HP StorageWorks P4000 Virtual SAN Appliance by leveraging default credentials to inject arbitrary commands via a crafted ping request on port 13838.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: HP StorageWorks P4000 Virtual SAN Appliance prior to 9.5
Auth required
Prerequisites: Network access to port 13838 · Default credentials for authentication
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Nicolas Gregoire · pythonremotehardware
https://www.exploit-db.com/exploits/18893

This exploit targets a command injection vulnerability in HP VSA/SANiQ Hydra client (CVE-2012-4362). It sends a crafted packet to execute arbitrary commands via a backdoor login and a command injection in the ping functionality, resulting in a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: HP VSA/SANiQ Hydra client (version not explicitly specified, but likely <= 8.5.0)
No auth needed
Prerequisites: Network access to the target's Hydra port (13838) · Perl installed on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Nicolas Gregoire, sinn3r · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/hp_vsa_exec.rb

This Metasploit module exploits a command injection vulnerability in HP StorageWorks P4000 Virtual SAN Appliance by leveraging default credentials to inject arbitrary commands via a crafted ping request on port 13838.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP StorageWorks P4000 Virtual SAN Appliance versions prior to 9.5
Auth required
Prerequisites: Network access to port 13838 · Default credentials (L0CAlu53R)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18901/
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/441363
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18893/

Scores

EPSS 0.4780
EPSS Percentile 98.7%

Details

CWE
CWE-78
Status published
Products (4)
hp/san\/iq 8.0
hp/san\/iq 8.1
hp/san\/iq 8.5
hp/san\/iq < 9.0
Published Aug 20, 2012
Tracked Since Feb 18, 2026