HP LeftHand Virtual SAN Appliance < 10.0 hydra Service Multiple Remote Code Execution Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

A management service on the remote host has multiple remote code
execution vulnerabilities.

Description :

According to the version fingerprinted by Nessus, the remote host is
an HP LeftHand Virtual SAN Appliance prior to version 10.0. It is,
therefore, affected by multiple unspecified remote code execution
vulnerabilities in the hydra service.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-179/
http://www.nessus.org/u?a39bf479
http://www.securityfocus.com/archive/1/527020/30/0/threaded

Solution :

Upgrade to HP LeftHand Virtual SAN Appliance version 10.0 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 64633 ()

Bugtraq ID: 57754
60884

CVE ID: CVE-2012-3282
CVE-2012-3283
CVE-2012-3284
CVE-2012-3285
CVE-2013-2343