CVE-2012-4361

HP San/iq < 9.0 - OS Command Injection

Title source: rule

Description

lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotehardware

https://www.exploit-db.com/exploits/18901

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Nicolas Gregoire · pythonremotehardware

https://www.exploit-db.com/exploits/18893

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Nicolas Gregoire, sinn3r · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/hp_vsa_exec.rb

View Code ZIP pw:eip

References (3)

[Exploit] http://www.exploit-db.com/exploits/18893/

[Exploit] http://www.exploit-db.com/exploits/18901/

[US Government Resource] http://www.kb.cert.org/vuls/id/441363

Scores

EPSS 0.4475

EPSS Percentile 97.6%

Details

CWE

CWE-78

Status published

Products (4)

hp/san\/iq 8.0

hp/san\/iq 8.1

hp/san\/iq 8.5

hp/san\/iq < 9.0

Published Aug 20, 2012

Tracked Since Feb 18, 2026