CVE-2013-2352
Severity CVSS v4.0:
Pending analysis
Type:
CWE-255
Credentials Management
Publication date:
10/07/2013
Last modified:
11/04/2025
Description
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
Impact
Base Score 2.0
9.40
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:hp:san\/iq:*:*:*:*:*:*:*:* | 10.5 (including) | |
| cpe:2.3:a:hp:san\/iq:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:hp:san\/iq:8.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:hp:san\/iq:8.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:hp:san\/iq:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:hp:san\/iq:9.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:hp:san\/iq:10.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dell:poweredge_2950:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hp:dl320s:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hp:lefthand_nsm2060:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hp:lefthand_nsm2060_g2:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hp:lefthand_nsm2120_g2:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hp:lefthand_vsa:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hp:p4000_vsa:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hp:p4300:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537
- http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537