CVE-2012-4362

HP SAN/iQ < 9.5 - Unauthenticated Remote Access via Hardcoded Password

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4362. PoCs published by Metasploit, Nicolas Gregoire.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in HP StorageWorks P4000 Virtual SAN Appliance by leveraging default credentials to inject arbitrary commands via a crafted ping request on port 13838.

Description

hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotehardware

https://www.exploit-db.com/exploits/18901

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in HP StorageWorks P4000 Virtual SAN Appliance by leveraging default credentials to inject arbitrary commands via a crafted ping request on port 13838.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: HP StorageWorks P4000 Virtual SAN Appliance prior to 9.5

Auth required

Prerequisites: Network access to port 13838 · Default credentials for authentication

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Nicolas Gregoire · pythonremotehardware

https://www.exploit-db.com/exploits/18893

View Code ZIP pw:eip

This exploit targets a command injection vulnerability in HP VSA/SANiQ Hydra client (CVE-2012-4362). It sends a crafted packet to execute arbitrary commands via a backdoor login and a command injection in the ping functionality, resulting in a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: HP VSA/SANiQ Hydra client (version not explicitly specified, but likely <= 8.5.0)

No auth needed

Prerequisites: Network access to the target's Hydra port (13838) · Perl installed on the target system

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18901/

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/441363

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18893/

Scores

EPSS 0.0320

EPSS Percentile 86.5%

Details

CWE

CWE-255

Status published

Products (1)

hp/san\/iq 9.5

Published Aug 20, 2012

Tracked Since Feb 18, 2026