CVE-2012-4362

HP San/iq - Credentials Management

Title source: rule

Description

hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotehardware

https://www.exploit-db.com/exploits/18901

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Nicolas Gregoire · pythonremotehardware

https://www.exploit-db.com/exploits/18893

View Code ZIP pw:eip

References (3)

[Exploit] http://www.exploit-db.com/exploits/18901/

[US Government Resource] http://www.kb.cert.org/vuls/id/441363

[Exploit] http://www.exploit-db.com/exploits/18893/

Scores

EPSS 0.2212

EPSS Percentile 95.8%

Details

CWE

CWE-255

Status published

Products (1)

hp/san\/iq 9.5

Published Aug 20, 2012

Tracked Since Feb 18, 2026