CVE-2013-2352

HP SAN/IQ <= 10.5 - Unauthenticated Root Login via Unused One-Time Password

Title source: llm

Description

LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.

References (2)

Core 2

Core References

Various Sources x_refsource_misc

http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/

Vendor Advisory vendor-advisory x_refsource_hp

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537

Scores

EPSS 0.0228

EPSS Percentile 84.9%

Details

CWE

CWE-255

Status published

Products (7)

hp/san\/iq 8.0

hp/san\/iq 8.1

hp/san\/iq 8.5

hp/san\/iq 9.0

hp/san\/iq 9.5

hp/san\/iq 10.0

hp/san\/iq < 10.5

Published Jul 10, 2013

Tracked Since Feb 18, 2026